Edit tour

Windows Analysis Report
AWB NO - 09804803510.exe

Overview

General Information

Sample name:	AWB NO - 09804803510.exe
Analysis ID:	1670873
MD5:	39a84c59e90240d037677f13a437cac1
SHA1:	8dca8310f7d5ffa031e0924f704147aac944025c
SHA256:	f0ee7d7d77c4cdefd09ea4b525a36027afde19a30d08675e1861c75699723bb7
Tags:	exeuser-sda
Infos:

Detection

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Joe Sandbox ML detected suspicious sample

Modifies the context of a thread in another process (thread injection)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

AWB NO - 09804803510.exe (PID: 3716 cmdline: "C:\Users\user\Desktop\AWB NO - 09804803510.exe" MD5: 39A84C59E90240D037677F13A437CAC1)

AWB NO - 09804803510.exe (PID: 5972 cmdline: "C:\Users\user\Desktop\AWB NO - 09804803510.exe" MD5: 39A84C59E90240D037677F13A437CAC1)

WerFault.exe (PID: 5756 cmdline: C:\Windows\system32\WerFault.exe -u -p 5972 -s 12 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: AWB NO - 09804803510.exe	ReversingLabs: Detection: 19%
Source: AWB NO - 09804803510.exe	Virustotal: Detection: 30%			Perma Link

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Neural Call Log Analysis: 85.9%

Source: AWB NO - 09804803510.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe

Code function: 4x nop then jmp 00007FF88B4C4610h

0_2_00007FF88B4C42C3

Source: AWB NO - 09804803510.exe

String found in binary or memory: http://www.netflix.com/browse

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Code function: 0_2_00007FF88B4C2408	0_2_00007FF88B4C2408
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Code function: 0_2_00007FF88B4C3E5E	0_2_00007FF88B4C3E5E
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Code function: 0_2_00007FF88B4D0DD0	0_2_00007FF88B4D0DD0

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5972 -s 12

Source: AWB NO - 09804803510.exe

Static PE information: No import functions for PE file found

Source: AWB NO - 09804803510.exe, 00000000.00000002.1239569922.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameReactionDiffusion.dll0 vs AWB NO - 09804803510.exe
Source: AWB NO - 09804803510.exe, 00000000.00000002.1246013634.0000000014C59000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameGreenEnergy.dll@ vs AWB NO - 09804803510.exe
Source: AWB NO - 09804803510.exe, 00000000.00000002.1250187597.000000001BFA0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameReactionDiffusion.dll0 vs AWB NO - 09804803510.exe
Source: AWB NO - 09804803510.exe, 00000000.00000000.1219750307.0000000000282000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamekFxG.exe0 vs AWB NO - 09804803510.exe
Source: AWB NO - 09804803510.exe, 00000000.00000002.1250736459.000000001EFF0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameGreenEnergy.dll@ vs AWB NO - 09804803510.exe
Source: AWB NO - 09804803510.exe, 00000000.00000002.1236981878.0000000000B4C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs AWB NO - 09804803510.exe
Source: AWB NO - 09804803510.exe	Binary or memory string: OriginalFilenamekFxG.exe0 vs AWB NO - 09804803510.exe

Source: AWB NO - 09804803510.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal56.evad.winEXE@4/1@0/0

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AWB NO - 09804803510.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Mutant created: NULL
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5972

Source: C:\Windows\System32\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\9fa34d31-a533-4648-af31-74593933bb79

Jump to behavior

Source: AWB NO - 09804803510.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: AWB NO - 09804803510.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: AWB NO - 09804803510.exe	ReversingLabs: Detection: 19%
Source: AWB NO - 09804803510.exe	Virustotal: Detection: 30%

Source: unknown	Process created: C:\Users\user\Desktop\AWB NO - 09804803510.exe "C:\Users\user\Desktop\AWB NO - 09804803510.exe"
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process created: C:\Users\user\Desktop\AWB NO - 09804803510.exe "C:\Users\user\Desktop\AWB NO - 09804803510.exe"
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5972 -s 12
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process created: C:\Users\user\Desktop\AWB NO - 09804803510.exe "C:\Users\user\Desktop\AWB NO - 09804803510.exe"	Jump to behavior

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Section loaded: iconcodecservice.dll	Jump to behavior

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: AWB NO - 09804803510.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: AWB NO - 09804803510.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: AWB NO - 09804803510.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Code function: 0_2_00007FF88B4C3E5E push edi; retf C45Fh	0_2_00007FF88B4C4231
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Code function: 0_2_00007FF88B4C41F9 push edi; retf C45Fh	0_2_00007FF88B4C4231
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Code function: 0_2_00007FF88B4C00BD pushad ; iretd	0_2_00007FF88B4C00C1

Source: AWB NO - 09804803510.exe

Static PE information: section name: .text entropy: 7.703615388206593

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Memory allocated: 1220000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Memory allocated: 1B1C0000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe TID: 1664

Thread sleep time: -922337203685477s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe

Thread register set: target process: 5972

Jump to behavior

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe

Process created: C:\Users\user\Desktop\AWB NO - 09804803510.exe "C:\Users\user\Desktop\AWB NO - 09804803510.exe"

Jump to behavior

Source: AWB NO - 09804803510.exe, 00000000.00000002.1239569922.00000000031C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: AWB NO - 09804803510.exe	Binary or memory string: Shell_TrayWnd;http://www.netflix.com/browse

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Queries volume information: C:\Users\user\Desktop\AWB NO - 09804803510.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\AWB NO - 09804803510.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	112 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Software Packing	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	112 Process Injection	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Link
AWB NO - 09804803510.exe	19%	ReversingLabs
AWB NO - 09804803510.exe	31%	Virustotal	Browse
SAMPLE	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.netflix.com/browse	AWB NO - 09804803510.exe	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1670873
Start date and time:	2025-04-22 08:56:24 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Power Change
Sample name:	AWB NO - 09804803510.exe
Detection:	MAL
Classification:	mal56.evad.winEXE@4/1@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 63% Number of executed functions: 83 Number of non-executed functions: 2
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.29.183.29, 20.12.23.50
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target AWB NO - 09804803510.exe, PID 3716 because it is empty
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
02:57:21	API Interceptor	1x Sleep call for process: AWB NO - 09804803510.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AWB NO - 09804803510.exe.log

Download File

Process:	C:\Users\user\Desktop\AWB NO - 09804803510.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1510
Entropy (8bit):	5.380493107040482
Encrypted:	false
SSDEEP:	24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNl+84xp3/VclT:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAA
MD5:	3C7E5782E6C100B90932CBDED08ADE42
SHA1:	D498EE0833BB8C85592FB3B1E482267362DB3F74
SHA-256:	361A6FF160343A2400F7D3FA4A009EA20C994B9788C190EB9D53E544BB376490
SHA-512:	3A90D61631F4DC920860AEA31FDB5E56A102206311705D5D084E809D364F680B4E95F19CE9849D3F9CB3C2C273393FD2F2C67720BAAA885125EE358D59462B0A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

Static File Info

General

File type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.701728451446367
TrID:	Win64 Executable GUI Net Framework (217006/5) 49.88% Win64 Executable GUI (202006/5) 46.43% Win64 Executable (generic) (12005/4) 2.76% Generic Win/DOS Executable (2004/3) 0.46% DOS Executable Generic (2002/1) 0.46%
File name:	AWB NO - 09804803510.exe
File size:	874'496 bytes
MD5:	39a84c59e90240d037677f13a437cac1
SHA1:	8dca8310f7d5ffa031e0924f704147aac944025c
SHA256:	f0ee7d7d77c4cdefd09ea4b525a36027afde19a30d08675e1861c75699723bb7
SHA512:	7568c231997d52f508131245d72addfd10b77820e23badf863ff6420cb98392b62e1a531ff1fda983c63b9df14f6340fa4297f9eee27c88bae555a3bf52929bd
SSDEEP:	24576:wd6fTDxSso0POSJ4qzM/LY6+msayjgA8UO0euWt:wYbDxSJAOCAarjgPj7
TLSH:	FF05F1C03B243305DD39967085A9DDB462662E74B010F9E75ED937A73BEA212AE1DF03
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......h.........."...0..8............... .....@..... ....................................@...@......@............... .....

File Icon


Icon Hash:	4d4d0c8d9b0c4d4c

Static PE Info

General

Entrypoint:	0x140000000
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x680707CA [Tue Apr 22 03:06:50 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
dec ebp
pop edx
nop
add byte ptr [ebx], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xd6000	0x1db4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xd3650	0xd3800	61275a59b9e210837fe5ebdaef3c3ae6	False	0.8960988290484634	data	7.703615388206593	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xd6000	0x1db4	0x1e00	b19e25f281191c1386922932208ef17f	False	0.8151041666666666	data	7.264468092286236	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xd6100	0x175f	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9094099949857931
RT_GROUP_ICON	0xd7870	0x14	data	1.05
RT_VERSION	0xd7894	0x320	data	0.5075
RT_MANIFEST	0xd7bc4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Version Infos

Description	Data
Translation	0x0000 0x04b0
Comments
CompanyName
FileDescription
FileVersion	1.0.0.0
InternalName	kFxG.exe
LegalCopyright
LegalTrademarks
OriginalFilename	kFxG.exe
ProductName
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Network Behavior

⊘No network behavior found

Statistics

Click to jump to process

Memory Usage

• AWB NO - 09804803510.exe
• AWB NO - 09804803510.exe
• WerFault.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Behavior

• AWB NO - 09804803510.exe
• AWB NO - 09804803510.exe
• WerFault.exe

Click to jump to process

System Behavior

Analysis Process: AWB NO - 09804803510.exePID: 3716, Parent PID: 496

Function Logs Amsi Logs

General

Target ID:	0
Start time:	02:57:20
Start date:	22/04/2025
Path:	C:\Users\user\Desktop\AWB NO - 09804803510.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\AWB NO - 09804803510.exe"
Imagebase:	0x280000
File size:	874'496 bytes
MD5 hash:	39A84C59E90240D037677F13A437CAC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

File Activities

File Opened

File Created

File Written

File Read

File Attributes Queried

Show Windows behavior

Section Activities

Sections loaded by Windows

Sections loaded by Program

Show Windows behavior

Registry Activities

Key Opened

Key Value Queried

Key Value Enumerated

Key Enumerated

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Created

Process Queried

Process Information Set

Show Windows behavior

Thread Activities

Thread Created

Thread Context Set

Thread Execution Resumed

Thread Execution Suspended

Thread Delayed

Thread Information Set

Show Windows behavior

Memory Activities

Memory Written

Memory Allocated

Memory Protection Changed

Memory Usage Statistics

Show Windows behavior

System Activities

System Information Queried

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

Window Created

Message Posted to Windows UI

Show Windows behavior

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: AWB NO - 09804803510.exePID: 5972, Parent PID: 3716

Function Logs

General

Target ID:	2
Start time:	02:57:21
Start date:	22/04/2025
Path:	C:\Users\user\Desktop\AWB NO - 09804803510.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\AWB NO - 09804803510.exe"
Imagebase:	0x8d0000
File size:	874'496 bytes
MD5 hash:	39A84C59E90240D037677F13A437CAC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 5756, Parent PID: 5972

Function Logs

General

Target ID:	5
Start time:	02:57:22
Start date:	22/04/2025
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 5972 -s 12
Imagebase:	0x7ff787200000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

File Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Mutex Activities

Mutex Created

Show Windows behavior

Process Activities

Process Queried

Process Information Set

Process Suspended

Thread Activities

Thread Execution Resumed

Thread Execution Suspended

Thread Information Set

Show Windows behavior

Memory Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

System Activities

System Information Set

Show Windows behavior

Windows UI Activities

Window UI Enumerated

Show Windows behavior

Object Security Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

LPC Port Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Chronological Activities

Disassembly

Analysis Process: AWB NO - 09804803510.exePID: 3716, Parent PID: 496COMMON

Executed Functions

Function 00007FF88B4C3E5E Relevance: 5.8, Strings: 4, Instructions: 791COMMON

Download Yara Rule

Strings

r6;, xrefs: 00007FF88B4CC423
6;, xrefs: 00007FF88B4CC758
6;, xrefs: 00007FF88B4CC811
b4;, xrefs: 00007FF88B4C3FAB

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: 6;$6;$b4;$r6;
API String ID: 0-1726914573
Opcode ID: 0ae97c34446686edd02089f125a12d0a3d157c1f57eb2b864ca3cacea511f8a9
Instruction ID: e761bd824c8b1f63ea7f156c401da5b878c00e885707da5f786d07c30b55c4a0
Opcode Fuzzy Hash: 0ae97c34446686edd02089f125a12d0a3d157c1f57eb2b864ca3cacea511f8a9
Instruction Fuzzy Hash: EA62F770D086198FDBA4DF68C896BE8B7F1FB98741F5041AAD40DE7292DA34AD85CF40

Function 00007FF88B4C2408 Relevance: .8, Instructions: 813COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bfe0a8750daff02b4492bdbd7be7ee6d5c75391f52b7de7fdc8f0c0294b85de
Instruction ID: 97a3c2c645a4c082a279b4d9c3095b83be44eefc7dbe01762039e7d373aeb11d
Opcode Fuzzy Hash: 4bfe0a8750daff02b4492bdbd7be7ee6d5c75391f52b7de7fdc8f0c0294b85de
Instruction Fuzzy Hash: A462B774605A1D8FDB98EF18C4A9BA973A2FB59345F5004BDD00ED7296CE76ED82CB00

Function 00007FF88B4D0DD0 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 189bcd319c6e050eefd7488031bc1867d0ed5c71acff00f6ebe4eb1032b5e3be
Instruction ID: 275c37b740eff3ae114ce3e94e9c4ad5f1e00757a9e19d84ceecfc9dcf95918e
Opcode Fuzzy Hash: 189bcd319c6e050eefd7488031bc1867d0ed5c71acff00f6ebe4eb1032b5e3be
Instruction Fuzzy Hash: EDB1F03180D3C54FE31A9A2488665667FE4EF87390F1901FFD48AC71A3EA686C46C762

Function 00007FF88B4C2261 Relevance: 6.4, Strings: 5, Instructions: 148COMMON

Download Yara Rule

Strings

8ph, xrefs: 00007FF88B4C2303
8ph, xrefs: 00007FF88B4C22CA
{h, xrefs: 00007FF88B4C2291
8ph, xrefs: 00007FF88B4C233C
{h, xrefs: 00007FF88B4C23AE

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: 8ph$8ph$8ph${h${h
API String ID: 0-2828689176
Opcode ID: e80f017987dff5be8e29c14de600907116016d5ff9f9bd4668678da25bef8e0a
Instruction ID: aea16c1555e88bcac666cd76734e01af39aa79c5f5db986a0d5ed8b075ac8d5d
Opcode Fuzzy Hash: e80f017987dff5be8e29c14de600907116016d5ff9f9bd4668678da25bef8e0a
Instruction Fuzzy Hash: F351047191895E4FE798EF18D8996EAB3A1FF94754F0003F5D01EC71A6DE346D818B40

Function 00007FF88B4C209D Relevance: 6.4, Strings: 5, Instructions: 145COMMON

Download Yara Rule

Strings

jz, xrefs: 00007FF88B4C2132
{h, xrefs: 00007FF88B4C221F
{h, xrefs: 00007FF88B4C21AD
@nz, xrefs: 00007FF88B4C20D6
{h, xrefs: 00007FF88B4C21E6

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: jz$@nz${h${h${h
API String ID: 0-1368247761
Opcode ID: c27c9c25265a8768747ce13c305fa331b67fd9eb9f73f58aed23f1b7ad287728
Instruction ID: 40173ae8acf7afc6411656757868ce4456cd5146649301b0d48a724034253388
Opcode Fuzzy Hash: c27c9c25265a8768747ce13c305fa331b67fd9eb9f73f58aed23f1b7ad287728
Instruction Fuzzy Hash: C151EC71E1895E8FEB98EE18C8567F9B3A1FF98740F0002B6D41DE3295DE746D818B40

Function 00007FF88B4C484D Relevance: 4.4, Strings: 3, Instructions: 610COMMON

Download Yara Rule

Strings

r6;, xrefs: 00007FF88B4C4D34
r6;, xrefs: 00007FF88B4C4D04
r6;, xrefs: 00007FF88B4C4C78

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: r6;$r6;$r6;
API String ID: 0-2627974756
Opcode ID: ae776c7c67db33a09dbc0924dd541f2ed0c84002cf4dcd85374ed21907141468
Instruction ID: 4877d1c9760e81fbf510219cdece2bbafa2e8ea7073aef957a9db8fe9e71b74d
Opcode Fuzzy Hash: ae776c7c67db33a09dbc0924dd541f2ed0c84002cf4dcd85374ed21907141468
Instruction Fuzzy Hash: 9291D531E0CA5A8FEB88DA6899662BD77E2FFD8B50F15017AD04DD32A2DE345C01C752

Function 00007FF88B4C0A5E Relevance: 2.9, Strings: 2, Instructions: 417COMMON

Download Yara Rule

Strings

X>, xrefs: 00007FF88B4C0BD4
{h, xrefs: 00007FF88B4C0AC5

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: X>${h
API String ID: 0-2700841898
Opcode ID: 128079a24a5190f0f554e3dca1c30d73c118bf70b39b30510f7b9e3d395bb199
Instruction ID: 7b455388abec0293288fabc9a3aae767486cf78abbed3524954acaae54ac2562
Opcode Fuzzy Hash: 128079a24a5190f0f554e3dca1c30d73c118bf70b39b30510f7b9e3d395bb199
Instruction Fuzzy Hash: 11F1A770D1895D8FDB98EF58C8A5BE9B7B1FF98741F5041AAD00DE72A2DA346D81CB00

Function 00007FF88B4C2F65 Relevance: 2.7, Strings: 2, Instructions: 249COMMON

Download Yara Rule

Strings

X>, xrefs: 00007FF88B4C2FC2
6;, xrefs: 00007FF88B4C3127

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: 6;$X>
API String ID: 0-2664158003
Opcode ID: abd8bb647d36ada74a58c71c3fa867840e5db708efa461f31de175c42ad2ac91
Instruction ID: 30f737a69e16a90c75cf6f385b099a9816897f2b971f2ad8426abdab100933ba
Opcode Fuzzy Hash: abd8bb647d36ada74a58c71c3fa867840e5db708efa461f31de175c42ad2ac91
Instruction Fuzzy Hash: 4E91CB70D48A5D8FDBA9DB1888A5BA8B7F5FB68741F4001E9D00DE3261DE746E81CF01

Function 00007FF88B4C7364 Relevance: 2.6, Strings: 2, Instructions: 140COMMON

Download Yara Rule

Strings

r6;, xrefs: 00007FF88B4C73B0
r6;, xrefs: 00007FF88B4C755C

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: r6;$r6;
API String ID: 0-958669615
Opcode ID: 7447720289cffb5ec468332928397d599113834bbd5e37e83a86fbd9772d840c
Instruction ID: da34a8a35ac9d9605399ccb26f6f849cee4c23a5ca16d5dea76f261135a68209
Opcode Fuzzy Hash: 7447720289cffb5ec468332928397d599113834bbd5e37e83a86fbd9772d840c
Instruction Fuzzy Hash: 7641D574E0891D8FDB98EF98D895BADB7F2FBA8741F50416AD00DE7255CA34AC41CB40

Function 00007FF88B4C09A1 Relevance: 2.6, Strings: 2, Instructions: 69COMMON

Download Yara Rule

Strings

{h, xrefs: 00007FF88B4C0A53
Ph, xrefs: 00007FF88B4C0A02

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: Ph${h
API String ID: 0-1353766635
Opcode ID: 34e5d31846d1d4971bbedeb43e7b55ed4e53821224a52cd642cd3857ee22b752
Instruction ID: c06f06f66cbda232163d3a596397262d07932313b6d25ad8d6c2380fe42b4d37
Opcode Fuzzy Hash: 34e5d31846d1d4971bbedeb43e7b55ed4e53821224a52cd642cd3857ee22b752
Instruction Fuzzy Hash: 83117C71918A8D8FE7A4DF2888697E577A1FBA8700F0401FAD40DC72A2DF359D45CB81

Function 00007FF88B4C2D91 Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

(0>, xrefs: 00007FF88B4C2F58

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: (0>
API String ID: 0-2681994039
Opcode ID: 2a48ac4767d23c314c7fcbc078ca8f7308bcea046c7505b933c86361944789c5
Instruction ID: 8c0ae0efaf5f3eec70665ab90e6c0acd268ba36b9447ed39360b95d7a4f75b8f
Opcode Fuzzy Hash: 2a48ac4767d23c314c7fcbc078ca8f7308bcea046c7505b933c86361944789c5
Instruction Fuzzy Hash: 2441B774905A1D8FDB98EB18C895BA973B2FF98340F5045B9D00ED72A6CE75AD85CF00

Function 00007FF88B4C479D Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

6;, xrefs: 00007FF88B4CC811

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: 6;
API String ID: 0-1830902424
Opcode ID: aaf4a7dbd6ec8ee652033e968c02ca3112df6749a0a89882b379ddb757c1b64d
Instruction ID: 5965e160713f0c67377b98b0d875aa4d6f7763533d4d61d22efd665f810de97c
Opcode Fuzzy Hash: aaf4a7dbd6ec8ee652033e968c02ca3112df6749a0a89882b379ddb757c1b64d
Instruction Fuzzy Hash: A1411970D089598FEB94EF6888557E9B7F1FF98741F5042BAC00DD7252CA346D85CB40

Function 00007FF88B4C2E1B Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

(0>, xrefs: 00007FF88B4C2F58

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: (0>
API String ID: 0-2681994039
Opcode ID: c82684889a4d8c91aab0e329b850aa3b642c07f1811ff31e4f5854709166185f
Instruction ID: 01e3ff986cc3d1bfcb79f95190c6abf0ef2d8d73c0e98ccd7e8b732286173233
Opcode Fuzzy Hash: c82684889a4d8c91aab0e329b850aa3b642c07f1811ff31e4f5854709166185f
Instruction Fuzzy Hash: F141DD74905A1D8FDB99EB18C495BA973B1FF99341F1001B9E00EE72A6CA75AD85CF00

Function 00007FF88B4C47BD Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

6;, xrefs: 00007FF88B4CC811

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: 6;
API String ID: 0-1830902424
Opcode ID: 4660675eb1fde88c682999dba8de5dfac6812b024f8f23005f02b7e1fc862478
Instruction ID: 13375e01ba19912af4b49a1820eb910e198430491ef02ff5c398cbf24408b036
Opcode Fuzzy Hash: 4660675eb1fde88c682999dba8de5dfac6812b024f8f23005f02b7e1fc862478
Instruction Fuzzy Hash: AE31E630E0895D8FDB94EF68C8597E9B7F1FB98741F5042AAD00DE7256CA346D85CB80

Function 00007FF88B4CCCE1 Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

r6;, xrefs: 00007FF88B4CCD6E

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: r6;
API String ID: 0-2320553268
Opcode ID: 9b073c1325c62d5d436ee89db746e7b28090ae94cfd4c86125c9ad51ff715582
Instruction ID: aadaf80e885f50d96ab8728b1478d73e1077a313311f7aab6c514853b794addb
Opcode Fuzzy Hash: 9b073c1325c62d5d436ee89db746e7b28090ae94cfd4c86125c9ad51ff715582
Instruction Fuzzy Hash: 66118171D1CA4D9FEB41EB98D8666ED7BF1FF99750F040176D008D3192DA386844C781

Function 00007FF88B4CF703 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

7, xrefs: 00007FF88B4CF727

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: 81ced93dcdfb66aad440490f4706f98171c8359d53fa2e0222ee3429358dfa17
Instruction ID: f8c3683445607b101660fad5a3206d5ac18828942ba8abe045122b9af7bdf6e0
Opcode Fuzzy Hash: 81ced93dcdfb66aad440490f4706f98171c8359d53fa2e0222ee3429358dfa17
Instruction Fuzzy Hash: 9A117320B585154BEB1CA62C84625BD73D2FBD9B40B24953DE49BC72E6CE3CFC478240

Function 00007FF88B4C9E15 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

r6;, xrefs: 00007FF88B4C9E2B

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: r6;
API String ID: 0-2320553268
Opcode ID: 35b34679f8c6c1f70767831a580eccc1afaab1e312fe2b3697bd158198dbe621
Instruction ID: 456d3d69f5ddf10a186e9605b3ee426dbf2cf22f63f41f77f304f9cfab0d89ac
Opcode Fuzzy Hash: 35b34679f8c6c1f70767831a580eccc1afaab1e312fe2b3697bd158198dbe621
Instruction Fuzzy Hash: FE213070A0460E8FDB48DF58C8959AEF3F1FB98750F14862AD41AE7265CB34E942CB94

Function 00007FF88B4CF778 Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

^, xrefs: 00007FF88B4CF78A

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: ^
API String ID: 0-1590793086
Opcode ID: 4fa668760517b1b59566ce1398ed741246092628c149cd5de4e3ebe7cacae62e
Instruction ID: f2b32772c1d3d68c917a7b17be43977b0af1d07f57c0036693a6ee2a033ea6fb
Opcode Fuzzy Hash: 4fa668760517b1b59566ce1398ed741246092628c149cd5de4e3ebe7cacae62e
Instruction Fuzzy Hash: B9115130B1C6568AEB2C9A2884625BC72E1FB95B41F20503DE4DB835E5DE3CED4B8640

Function 00007FF88B4C3DBD Relevance: 1.3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

Strings

HBE, xrefs: 00007FF88B4C3E1D

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: HBE
API String ID: 0-2818793567
Opcode ID: 86826ef52c07705afd00dda02c3b355fd5d54cebedac1ac02fcb6e420b63433e
Instruction ID: b1110ee4aac494f7cc394b6064aa56dbb3a6b9295381375a4e37ae98823f2b5d
Opcode Fuzzy Hash: 86826ef52c07705afd00dda02c3b355fd5d54cebedac1ac02fcb6e420b63433e
Instruction Fuzzy Hash: 30110671D0495D8FEBA4EF68886A7E8B3B1FB68740F0041AAD54DE3291DF781D80CB80

Function 00007FF88B4CF6E9 Relevance: 1.3, Strings: 1, Instructions: 45COMMON

Download Yara Rule

Strings

7, xrefs: 00007FF88B4CF6ED

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: 79bd1376cf0c8048703a3ba48e67b279c24ad2e123075049fd1b014ac3ef4879
Instruction ID: ef5ca8ad6417a26ea1d4186a0eef780695e031df889ad12185fd85f9e1e3794b
Opcode Fuzzy Hash: 79bd1376cf0c8048703a3ba48e67b279c24ad2e123075049fd1b014ac3ef4879
Instruction Fuzzy Hash: 2601A230B1C5154AE72CAA28C4625BC73E1FB99B41F20443DD49B831E6CE3CEC4B8240

Function 00007FF88B4C8E8E Relevance: 1.3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

S[, xrefs: 00007FF88B4C8E24

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: S[
API String ID: 0-2300449399
Opcode ID: a07d623f1d192e571405af1038e377f0ed5c2f0fa35136ecb6b55f648a0ed951
Instruction ID: 2c803a5819486ba69c496a8ed454db8bbbef1c3662485320d77d0c81eb1a6cd6
Opcode Fuzzy Hash: a07d623f1d192e571405af1038e377f0ed5c2f0fa35136ecb6b55f648a0ed951
Instruction Fuzzy Hash: 99017C7090826C8FCB18DF58C8926BDB7B2FF55700F1005ADD48AA7252CB38A892CF50

Function 00007FF88B4C8E07 Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

S[, xrefs: 00007FF88B4C8E24

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: S[
API String ID: 0-2300449399
Opcode ID: 8d8a9bee708edebbdb7e26f38e6a7da80ba803fa65c324a92daaf25c6d563581
Instruction ID: 7333a0875d9a35ce793a7cd4d9adcc0b2e55bf31c9448a1a65e4b9e8543c34ee
Opcode Fuzzy Hash: 8d8a9bee708edebbdb7e26f38e6a7da80ba803fa65c324a92daaf25c6d563581
Instruction Fuzzy Hash: F1E01AB09082588FCB28EB68C9176ADBBB2FF41704F0041ADD44AAB352C734A882CF55

Function 00007FF88B4CE999 Relevance: .6, Instructions: 571COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd49741b41a77b501c17708e74a51499e9b57ded0832451a9cfba5c1ea31458a
Instruction ID: fbb69c14689cf07d50b6f3f8602a45d969cd1718d005cdb1c73b3e00d02471d6
Opcode Fuzzy Hash: cd49741b41a77b501c17708e74a51499e9b57ded0832451a9cfba5c1ea31458a
Instruction Fuzzy Hash: 2B12E56184D2864FE72AD76488226653FB0FF96780F1845BBC099C75A3EB3DB80AC751

Function 00007FF88B4C48A8 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfb090dc6caa8abf42bc87d78aaaa2716dd2db250c90ff743f6649eebb8f6a60
Instruction ID: 4c4513fdb77a1c1c7b75243e72b148f948c9f85ade4363972afcb53233059c4b
Opcode Fuzzy Hash: dfb090dc6caa8abf42bc87d78aaaa2716dd2db250c90ff743f6649eebb8f6a60
Instruction Fuzzy Hash: B801C03190DBC91FD745D72498226AABBE1FFD5290F4805BFE089D72A3E9349D08C342

Function 00007FF88B4C3599 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f905c5d21187b5270e77cabee1c2c61c2a79332786db92ecb62de828ce0221a0
Instruction ID: 25cad607a38329469ac2b7fb95e9c80e3e564a7de2ca99e58c7445d09c3f0578
Opcode Fuzzy Hash: f905c5d21187b5270e77cabee1c2c61c2a79332786db92ecb62de828ce0221a0
Instruction Fuzzy Hash: 58C19C74A1895D8FCB94EF18C894BAAB7F1FFA9301F4102A4A51DD7266CA30ED91CF44

Function 00007FF88B4C3273 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 523d795693138cb45401dfd7cd4f79997d0735f1f282837447c175350bd3cae4
Instruction ID: ee38d1fdf51aeac809ce6aedf30127327565fc6d61938571ca01927647eb1eb1
Opcode Fuzzy Hash: 523d795693138cb45401dfd7cd4f79997d0735f1f282837447c175350bd3cae4
Instruction Fuzzy Hash: 23A1B530A05A1D8FDBA9EF18C895BE9B3B5FB58740F5005F9900EE7295CA75AE81CF40

Function 00007FF88B4CF384 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3158487d12da366a406b1652eb2f26bd590c86e9a3a83dc5e1837100276cf167
Instruction ID: 359c4db9bc8681db3fcabc97c785211f9cdbd86674b96c2969a9023facf1290b
Opcode Fuzzy Hash: 3158487d12da366a406b1652eb2f26bd590c86e9a3a83dc5e1837100276cf167
Instruction Fuzzy Hash: 1261E53190D2854FD71A9B2888665A57FB1EF97700B1941EEC08ACB1B3D93CAC4AC752

Function 00007FF88B4CF403 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc7738c303c2653129a7182f02aef58083707e388645a92d45db0b7935e967d
Instruction ID: 9d8c7e8e15b5e729aeb3304f8dd0bb5d07c9dca6c3c71c855ec49a5ef86e8189
Opcode Fuzzy Hash: 1dc7738c303c2653129a7182f02aef58083707e388645a92d45db0b7935e967d
Instruction Fuzzy Hash: 9461B73190D6814FD71ADB28C8669653FB1EFA771071941EAC08ACB1F3D92CEC4AC752

Function 00007FF88B4D0FCB Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 505eaed2ce197da018a3ca8f74bf2dc07975940fa3d15ce7f95744e185660d11
Instruction ID: 196b5315d0aa96ab1f4acccc003480eb68d21abaf2402923ac6a6f1663fa0caa
Opcode Fuzzy Hash: 505eaed2ce197da018a3ca8f74bf2dc07975940fa3d15ce7f95744e185660d11
Instruction Fuzzy Hash: 9541D121A0D6C14FE316A63488266693FE1EF97394F1D42FBD48ACB1F3E96C5806C352

Function 00007FF88B4D0F7B Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ad2c89554e56e3f7c9e2d31ee5a7af0f3a3c3857fd925fc0e2a5a5f84262aad
Instruction ID: a3bf3c378ce19fb316181234c571b27ae6c0fdca8d8943bf88a25391f72fe543
Opcode Fuzzy Hash: 9ad2c89554e56e3f7c9e2d31ee5a7af0f3a3c3857fd925fc0e2a5a5f84262aad
Instruction Fuzzy Hash: 9F41DF2190D6C14FE316A734886666A3FE1AF97394F1D05FBD48AC72F3E96C5806C352

Function 00007FF88B4D1009 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39ec3c919e3b2157601f696975c2879b283cff26cfc44e5b49bbedb92c3f9b32
Instruction ID: 305f8c21c1c76ebacf8f3fd917ef6b0a44dc2e586ded299236591e2ecd0d3aed
Opcode Fuzzy Hash: 39ec3c919e3b2157601f696975c2879b283cff26cfc44e5b49bbedb92c3f9b32
Instruction Fuzzy Hash: BC41AC2190D3C14FE357A73448266A93FF1AF97394F1D01EBD48ACB1A3E96C580AC362

Function 00007FF88B4D1022 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dcfebdbcac81dc8415782d3d32e7e6ce3c9406503cc1506036478bea97e9f16
Instruction ID: 4c822fed9dfe18203d0d25837119bf7764653bd00389712b05491f52917b480a
Opcode Fuzzy Hash: 5dcfebdbcac81dc8415782d3d32e7e6ce3c9406503cc1506036478bea97e9f16
Instruction Fuzzy Hash: 23419A2190D7C14FE357A734886656A3FF1AF97394F1905EBD48ACB1A3E96C580AC322

Function 00007FF88B4C8763 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20d64fb9c717c5d43ebcbf62f79e00715fb439d138a04a00088b63606a88e991
Instruction ID: 5508001426a2a019c0e49a93ec53cc8039d7285488543237be6c11c025232425
Opcode Fuzzy Hash: 20d64fb9c717c5d43ebcbf62f79e00715fb439d138a04a00088b63606a88e991
Instruction Fuzzy Hash: 9141C131A0864D8FDB55EF94D8556EDBBF1FF99350F0002BAD409AB2A5CA38AD45CB80

Function 00007FF88B4CF4D5 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ebf8dd011e052ffeccff3ec0754ad744aec89079c2e7e39e6b862132e1dea22
Instruction ID: f00949f7df586520b22dbe115b2f6f4365f02aadbbaf15ccd89d9eba7d40f6ba
Opcode Fuzzy Hash: 0ebf8dd011e052ffeccff3ec0754ad744aec89079c2e7e39e6b862132e1dea22
Instruction Fuzzy Hash: C341CE2180E7C14FE3139B748C665A17FB0EF53650B1941EBD08ACB1A3E92CAC4AC362

Function 00007FF88B4CF51F Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 570d6ca9af1d21c8b0d0c509d54c52a02c36644fe44c9fb5234de971e7cffb8a
Instruction ID: 2994288527fc9460b2c3cc16746a7b22517e9e1a6524e96ffb950bee275397c5
Opcode Fuzzy Hash: 570d6ca9af1d21c8b0d0c509d54c52a02c36644fe44c9fb5234de971e7cffb8a
Instruction Fuzzy Hash: 6441AE2180E3C55FE7239B788C665A53FB0EF53650B1941EBD489CB1E3E96C5C4AC362

Function 00007FF88B4CF4FF Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b18fc76f613e415b46ce4298f0a49f55a90352d33bd6eb2190673dd64dea7db
Instruction ID: a613352ae74848190238ccf4875de561c8460fb287fe07b0f1944a42aaea785f
Opcode Fuzzy Hash: 1b18fc76f613e415b46ce4298f0a49f55a90352d33bd6eb2190673dd64dea7db
Instruction Fuzzy Hash: EC41CD2284E7C15FD31797788C665A17FB0EF93650B1941EFC48ACB1A3E96C6C4AC362

Function 00007FF88B4C0775 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c55e0922df77ee409a8a9294e6367ad23ce616df1932fe1dd7f34a83ae38d43
Instruction ID: 9221d5d6c57bed7eb7e93b40ac67336310e629ad4c390c7643848e6d2bf205f6
Opcode Fuzzy Hash: 2c55e0922df77ee409a8a9294e6367ad23ce616df1932fe1dd7f34a83ae38d43
Instruction Fuzzy Hash: 8C41C763C0E6D64BE71A577858760E43B90FF92B9470941B3C0888F1B3DD282C5AC295

Function 00007FF88B4CCBE0 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4e4e3e49b93764e868722e7ced12fe9410adc0313fb689e474fcce32dd1831e
Instruction ID: 6b408b4b5de5d3e240d017e825695db0bfb3e004243d9a6f3da4b9131d7a23ee
Opcode Fuzzy Hash: a4e4e3e49b93764e868722e7ced12fe9410adc0313fb689e474fcce32dd1831e
Instruction Fuzzy Hash: C241496688E3C15FD3438B705C265E17FB0AF53224B0E41EBD0D4CB4A3E66D5A5AC7A2

Function 00007FF88B4D0CC0 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2780c1a54b0c85094a7c970e961a7b2a73b09955d1b3542be00d8ac188a79eac
Instruction ID: 7118ad8337bdae64498b34182d84a62d635079bba46202f775b798831b40ba8e
Opcode Fuzzy Hash: 2780c1a54b0c85094a7c970e961a7b2a73b09955d1b3542be00d8ac188a79eac
Instruction Fuzzy Hash: B831F422E0DAC60FF3599A68582A1397BD1FBD6690B1802FFD48EC32B7D81868018381

Function 00007FF88B4C07D3 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 708b4e91ac56e048b56172acfed7e41b5f060a869837480f2f12f273572e1af2
Instruction ID: 9ec50390f1d79a25e27b6130c91117757068942b180d7b2ecb72c67f1f2500c7
Opcode Fuzzy Hash: 708b4e91ac56e048b56172acfed7e41b5f060a869837480f2f12f273572e1af2
Instruction Fuzzy Hash: 9C31B217D0E6964EE70A567C64B61E53B90FFD2B94B0940F7C0888B1B3D9282C4AC3A5

Function 00007FF88B4CF568 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55740416f16a1f60165f8e074899531961a3d6ed398d0ebed33ab078e75267d0
Instruction ID: ead6d67caefb65e36adc46ed961503fcc12a8322436b13cf7d425e9f67bf9c76
Opcode Fuzzy Hash: 55740416f16a1f60165f8e074899531961a3d6ed398d0ebed33ab078e75267d0
Instruction Fuzzy Hash: 9131896284E7C55FE7139B788C665A17FB0EF63210B1941EFC089CB1A3E9685C4AC362

Function 00007FF88B4CB6C8 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bdc6f1f33c827d3c82f53df9c644b486155e2ad228b9b5961deff765e4a49c1
Instruction ID: 0d4b713dacab5db621a81d616e4fdf25b0ef14e9d9aec75c59f213bc743c1f42
Opcode Fuzzy Hash: 6bdc6f1f33c827d3c82f53df9c644b486155e2ad228b9b5961deff765e4a49c1
Instruction Fuzzy Hash: BF31B2314197C98FDB42DF6888625E97FF0EF46750F0901E6E885CB192D628A856CB92

Function 00007FF88B4C87D8 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042ced05177d896848d8d98e3d8a7c0dcebf86290b073916d7d36a26babd4665
Instruction ID: f10881c082f1b0533e7ec09fc65a0bb632bae10d84d59a798c6dc118366dfa5c
Opcode Fuzzy Hash: 042ced05177d896848d8d98e3d8a7c0dcebf86290b073916d7d36a26babd4665
Instruction Fuzzy Hash: 4521BF3190878D8FDB52DF64C8556E97BF1FF9A310F0502AAD408DB2A1DA78AD44CB81

Function 00007FF88B4C016D Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aca9bfa9508f7cc8edff1757f2af7fa87f4839db30a5917575aa48777cdd359c
Instruction ID: 0c8f5d5d10ade1cd463def3cbb617637dbbbd16f630e3d55372b2d1f492a624b
Opcode Fuzzy Hash: aca9bfa9508f7cc8edff1757f2af7fa87f4839db30a5917575aa48777cdd359c
Instruction Fuzzy Hash: 3D21EF3090864ACFDB05CF54C8525FEBBF1FF89350F1081BAD409872A2DB39A952CB84

Function 00007FF88B4C74DE Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3c2db70a90a40b2060a47f42baaf9e9ce25b9fca3981126b83d577f32fa383a
Instruction ID: cafdff0b9f5009e96e5ac6c60749504791c3e5d79960ddd7714b281f12fb74f1
Opcode Fuzzy Hash: f3c2db70a90a40b2060a47f42baaf9e9ce25b9fca3981126b83d577f32fa383a
Instruction Fuzzy Hash: 2921E974A1891D8FDF98EA9CD855BADB7B1FBA8741F10016AD00DE7361CA34AC41CB40

Function 00007FF88B4CDED8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06585b1804efa4d4bc74560dcd3c3623b00c9d328aa517d308a520f7d7863c0e
Instruction ID: 92ccb45cea812eceed0ac043aaf3ec9192565ffa127066b0dbc1d9601a2133b9
Opcode Fuzzy Hash: 06585b1804efa4d4bc74560dcd3c3623b00c9d328aa517d308a520f7d7863c0e
Instruction Fuzzy Hash: 0E216DB180D7C98FDB92DF688869AA53FF0FF26204F0A05DBE448C7163E6389955CB41

Function 00007FF88B4C54E0 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a263ce7eea448cf7affc752d9afaa328ec7597a9c370af4f3c07ca98370baba
Instruction ID: 17c84c86b80dd37ffc87ad1eedba0d4ca7f48f3c6b0fb56e615f32c888e001ee
Opcode Fuzzy Hash: 8a263ce7eea448cf7affc752d9afaa328ec7597a9c370af4f3c07ca98370baba
Instruction Fuzzy Hash: 7F218C30914A0D8BDB44EF58C892AFE77F0FB48745F000166E849E3295CA34F955CBD1

Function 00007FF88B4C9D68 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89f9ea69d173394b202c8db379190805092aabdf5f419b6ef9be44a4a6804c79
Instruction ID: eee4d21065e972f8eeae59604da4b758cecf6a0758f13a73bee6e35153889623
Opcode Fuzzy Hash: 89f9ea69d173394b202c8db379190805092aabdf5f419b6ef9be44a4a6804c79
Instruction Fuzzy Hash: 5121813090D6898FDB06DF6488216EE7BB1FF86310F0541EBD055E72E2CA386D15C7A1

Function 00007FF88B4C0840 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87d5e13f448ab7ec1f4b7d3cd7eee795d02caae777d74361bb4b468dec51a4d0
Instruction ID: e0e661997d9714effed52dd146b52805e414a179bfe58cb08ef1340a417362f3
Opcode Fuzzy Hash: 87d5e13f448ab7ec1f4b7d3cd7eee795d02caae777d74361bb4b468dec51a4d0
Instruction Fuzzy Hash: 0311B61680D7D60FE707637858B61E43FA0AF92694B0A40F7C084CF1B3D9185C4AC3A5

Function 00007FF88B4CCE48 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3e76b8087d0aa5951db74d5041e7d3bd7a37aaa3b1d6e6ce82da7b68cf33090
Instruction ID: 18fe282b9e4b3c9b935e8e2f9f46e93f8661cb46301981c2c1a140fafcfc1452
Opcode Fuzzy Hash: a3e76b8087d0aa5951db74d5041e7d3bd7a37aaa3b1d6e6ce82da7b68cf33090
Instruction Fuzzy Hash: 22211870D04A5E8FEB48EF98C4665BDBBF2FF99751F10416AC009E72A5DB302881CB80

Function 00007FF88B4C00F8 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f6ca67e6dc353c21ceb9237d5d8ea806c09336c91cdd1ee6f822a5b1264ff69
Instruction ID: 33002d6222af05ac37bb169c09e56670cb512e439a351a3661f25a32b6686b7d
Opcode Fuzzy Hash: 2f6ca67e6dc353c21ceb9237d5d8ea806c09336c91cdd1ee6f822a5b1264ff69
Instruction Fuzzy Hash: 9F11B17180D685CFE315DF6898161B9BBE0FFA5B94B5800BAD04D872A7DE3AAC44C780

Function 00007FF88B4D0BB0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c575366641c456c7ba33d2c2e470c9ae7a90eb972f3be46a766e45f57399d70
Instruction ID: 9f7956a65a7a43e3e3379b3648bd02a63741ce8734976ba844d389577443725a
Opcode Fuzzy Hash: 3c575366641c456c7ba33d2c2e470c9ae7a90eb972f3be46a766e45f57399d70
Instruction Fuzzy Hash: CE11673092064D9BDB04EF58C8869E977F0FF48344F4002AAE889C32A2CB34F991CB91

Function 00007FF88B4C5530 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 064f1dbcd8b3b303b5df507e0fe81a582c2166ddc11b0993e88f3d045a083300
Instruction ID: b7f4b740cb662cfb1a78c730f09c5d1b9c7784e21058cb6e6e51e80dcf76d5dc
Opcode Fuzzy Hash: 064f1dbcd8b3b303b5df507e0fe81a582c2166ddc11b0993e88f3d045a083300
Instruction Fuzzy Hash: 52115731E0851E8BDB15DF98D8516EEB7F6FB98360F00417AD41AE32A0DB39A915CB90

Function 00007FF88B4C5520 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c21daed6a2f0677e1f2e6c5747ffa80beb77b64e3d43ec7c4297eea36a3491c
Instruction ID: c378d06eb4aba9878ab9a8ac3234a5c76fd9cc00e8c60d26bea55bde76eee4d0
Opcode Fuzzy Hash: 8c21daed6a2f0677e1f2e6c5747ffa80beb77b64e3d43ec7c4297eea36a3491c
Instruction Fuzzy Hash: C7118C30D0855A8BDB04EFA8D8516EEB7F2FF88350F04417AD01AE3291CF38A911CB90

Function 00007FF88B4C96C8 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2059f3d9ccfbf5bb90e15c1a2027948ef6443149ea97a8670d6d926a13da3e7
Instruction ID: 86699847b73dff11ba09c8e00ee1b58629c0d5eb8287555dba1805fecb6b6ac0
Opcode Fuzzy Hash: e2059f3d9ccfbf5bb90e15c1a2027948ef6443149ea97a8670d6d926a13da3e7
Instruction Fuzzy Hash: BA115A31E0850D8FDB09DF98D8529EEB7F1FF98350F14457AD00AEB2A1CA39A911CB55

Function 00007FF88B4CF74B Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b67a8923423e525ec86606d7ec48d0b67a971c32e0306c2eafa10bc1eaa2ceba
Instruction ID: 07c7d8bdadb8b7e6e812b9afda23daf8cd5baa319dcb36eba6252cb0b73b875a
Opcode Fuzzy Hash: b67a8923423e525ec86606d7ec48d0b67a971c32e0306c2eafa10bc1eaa2ceba
Instruction Fuzzy Hash: 870192307185564AE72C9A28C4625BC73E6FB99741F20503DD49B871E6DE3CED4B8640

Function 00007FF88B4C7423 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b147f026093534abc10deb6cbca6b9d62be27cfc8fe80e98610eae9766c8ab1
Instruction ID: 468adee804745718bf85f6913ec84630872b4e0aa9b9e5ae909adf5b756146ba
Opcode Fuzzy Hash: 4b147f026093534abc10deb6cbca6b9d62be27cfc8fe80e98610eae9766c8ab1
Instruction Fuzzy Hash: 2811FA34E1561D8FCB48DFA8D895A9DB7F2FB98341F608129D00AEB294DB34AD05CF04

Function 00007FF88B4CE2D4 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 088988fd4d48fc2eb2892c20cfc6f146cb59b19e077e2148204cd68ea8c3da3e
Instruction ID: 5f04d7ba83fb3cf9e4037cc57702c19d132d6454de8f00a76320e4acdfbad8b1
Opcode Fuzzy Hash: 088988fd4d48fc2eb2892c20cfc6f146cb59b19e077e2148204cd68ea8c3da3e
Instruction Fuzzy Hash: 83018F30C586CA8FE7529F74881A6E97BF0FF56700F0404EBE458C71A2DB786955C742

Function 00007FF88B4C8160 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 862c4d64dfaed979c76a66437744a5c55006f8734d5ce729eead846af3d1b8e8
Instruction ID: 941b3670ddd4d84ee5adf7f69d48814de9af2243a067b7b0500734e433d35884
Opcode Fuzzy Hash: 862c4d64dfaed979c76a66437744a5c55006f8734d5ce729eead846af3d1b8e8
Instruction Fuzzy Hash: 58018C718593C98FD742DF64885A5E93FF0FF8A244F0941EAE849871A3DB399816C741

Function 00007FF88B4CC285 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bddcbf0c51b3c9b2c346f1ed0bdc72cbfb226e402a6fb625064cfcde2a6f737
Instruction ID: 38288f7c350cff1a19ea10e2f31d000e7114761f1ae19da8d0d0dc56b43b3915
Opcode Fuzzy Hash: 2bddcbf0c51b3c9b2c346f1ed0bdc72cbfb226e402a6fb625064cfcde2a6f737
Instruction Fuzzy Hash: E701A73181978D8FDB44EF28C8566ED7BE0FF59740F4502B6E808C3151DA74E954C782

Function 00007FF88B4D0AED Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3528cad79e6c5dda65459db470a9a6baeeb67192e4dd3dd1f894220c03edd892
Instruction ID: 81540b1b0ca67418e082dfcc41e5d0e197fd413973a28882922a9b2ca4b423ad
Opcode Fuzzy Hash: 3528cad79e6c5dda65459db470a9a6baeeb67192e4dd3dd1f894220c03edd892
Instruction Fuzzy Hash: F101167092428DDFDB48DF58C8426F977E0FB48749F1002BAF88A93291CB38A655DB91

Function 00007FF88B4CF6AD Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 411a4a268df26320f7d1d8c41127d4a23cf11646f5fae1a7059aeb3b9c834f4c
Instruction ID: c0e15ee3827f160a9b9cd90cbe178419f45b1289a5d13469d3a3bb967624b16b
Opcode Fuzzy Hash: 411a4a268df26320f7d1d8c41127d4a23cf11646f5fae1a7059aeb3b9c834f4c
Instruction Fuzzy Hash: 2501A730B5855546E7285A2CC4A65FC33D2FB95B45F24413DD4AB831E6CE3CE94B8240

Function 00007FF88B4C41F9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53473228d01f301811b3dea32fe0cb16baea8865e9d8da24e69d251fa243713c
Instruction ID: 8c4d641346ab2a8022a26742b9e19229409be4aa164cda3b20e7efb70e918812
Opcode Fuzzy Hash: 53473228d01f301811b3dea32fe0cb16baea8865e9d8da24e69d251fa243713c
Instruction Fuzzy Hash: A2019630C0820B8AEB75EE1489576F973B1FFC5786F1046B8E409535A2EF38AC49CB91

Function 00007FF88B4C08E5 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a4b0067e1f376a83b5ee7f6f0cffbac94fe3085d9182e9e161a58380c70092c
Instruction ID: 54068355db924a778742e5e98e5f54836107469da31ec75981959d836869173f
Opcode Fuzzy Hash: 8a4b0067e1f376a83b5ee7f6f0cffbac94fe3085d9182e9e161a58380c70092c
Instruction Fuzzy Hash: 62F08171D4864D9FE750EB68886A2AD7BB1FF95740F8501F6C008C71A3EE381954C741

Function 00007FF88B4D0879 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dad4ad4cae1da275d18679af33d40ae8cb96a7e92155d24a8da4a88b3e0f257
Instruction ID: 08d965c1302a4e18fe30f2e31f57d7c66bf2ded984934d3c3f3d4d1f68aa0f82
Opcode Fuzzy Hash: 5dad4ad4cae1da275d18679af33d40ae8cb96a7e92155d24a8da4a88b3e0f257
Instruction Fuzzy Hash: 9001783091878D8FDB81EF68C8592EA7BF0FF59300F0505EAE848C72A2D7389954CB81

Function 00007FF88B4C017D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42d1ea0c6c81c9d3006ba3f2bfbfb5b9bbb2c3f33671d9a2e58305f1e270062f
Instruction ID: 3bffddedad10e43633e8bfa1913553dacf31a77b93ee07c3c2d6c407c9357ab9
Opcode Fuzzy Hash: 42d1ea0c6c81c9d3006ba3f2bfbfb5b9bbb2c3f33671d9a2e58305f1e270062f
Instruction Fuzzy Hash: 48012C314197898FDB46DF2888621E93BB0BF8A688F1505AAE849C71A2DA38A854C741

Function 00007FF88B4CE5E1 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 787392cd3d8b4b3ba6b2537273f4d3bb607418e69dcb7fd346f3fe60f804c4dd
Instruction ID: 4360daa7825544334be56ce9d307d717fc7502c8f50053a6aabef38e4fbba34b
Opcode Fuzzy Hash: 787392cd3d8b4b3ba6b2537273f4d3bb607418e69dcb7fd346f3fe60f804c4dd
Instruction Fuzzy Hash: D7F09070D1868E8FDB81EF6888192EA7BF0FF14300F4405EAD828C31A2EB78A544CB41

Function 00007FF88B4C018D Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7e56f4b733e82912e8e92eb5d6aec4d30e48edb154eb45a87f063680becb6b2
Instruction ID: d947944b543567ac3b3601a762ff39c9afedbae14dc9d8923352cb6edf224d6c
Opcode Fuzzy Hash: d7e56f4b733e82912e8e92eb5d6aec4d30e48edb154eb45a87f063680becb6b2
Instruction Fuzzy Hash: 31F06871818249CFD745DF1494521F93BE0FF85784F10047AD44DC7262CB39A951C741

Function 00007FF88B4C735E Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10f88a651aa2aed179c41a372857097588146331ff14994a152f33c36433dd97
Instruction ID: 47e93731afcb42207c82ff87c3dd34600abb9dda93c32d10844008062deb12d7
Opcode Fuzzy Hash: 10f88a651aa2aed179c41a372857097588146331ff14994a152f33c36433dd97
Instruction Fuzzy Hash: E1E06D34B084059BE354DA18C0516A932D2FBCC7A0F21827AC00AC32BAC938E9468AC4

Function 00007FF88B4C5A78 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dc4f8ad78d528b40520d05cfd5faac8c85d154e2b5fdb5bc6222246a4e6e60a
Instruction ID: 5192f0451d73ce1d735a49db68e510f960f967ac9910b74395d5db9228993dfa
Opcode Fuzzy Hash: 6dc4f8ad78d528b40520d05cfd5faac8c85d154e2b5fdb5bc6222246a4e6e60a
Instruction Fuzzy Hash: E6F0AC3082455E9FEB80EFA899096BA76F0FB54705F4009A6E429D2161DB386654CB41

Function 00007FF88B4C65D5 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb36ceb72ba31e638e35608a2ddbfcb15910f1007f4585a2543a3bdfa942a032
Instruction ID: 3b9f2eaa705a665f9ffdb32b629f97d0429f18adcd37dcf0da1876935226f10c
Opcode Fuzzy Hash: fb36ceb72ba31e638e35608a2ddbfcb15910f1007f4585a2543a3bdfa942a032
Instruction Fuzzy Hash: 35E09231C1E2894FD751AB7499672D87BA0BF85740F4941F6D008870A2EA78AD18CB42

Function 00007FF88B4C01AD Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdc5199747aa77f63674c308af66fe64486b54dc783c2e40570ab54e6cbdf19c
Instruction ID: 87b9b65ebeaae983351df5a2b5097814ca025b4c5c61824c07c55c8d916c8915
Opcode Fuzzy Hash: cdc5199747aa77f63674c308af66fe64486b54dc783c2e40570ab54e6cbdf19c
Instruction Fuzzy Hash: 2CE0203150D6C5CFE301DA2458174BC7B60FF96B4970806BDD49E87063CA356C05C350

Function 00007FF88B4C0888 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26a8a850e9868d28150bde739c032458db3ce1f6741cf0256cfe4471e0411c56
Instruction ID: ff348fcf01de7c8e851adb58b149528265393b0e6430631c562a752952111092
Opcode Fuzzy Hash: 26a8a850e9868d28150bde739c032458db3ce1f6741cf0256cfe4471e0411c56
Instruction Fuzzy Hash: 34E02621C6D64E4BF76477B8445A2F93BD0FF85BC0F004874D008C22A3ED382C84C2A1

Function 00007FF88B4CE705 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba0b58e269dd85d345400dba675be6964756fc653047c9e6031737f3b05f2777
Instruction ID: 77c9b6dee12e0ed4a18b4b4acce5ac609d20df9529006d126be143c0e471013e
Opcode Fuzzy Hash: ba0b58e269dd85d345400dba675be6964756fc653047c9e6031737f3b05f2777
Instruction Fuzzy Hash: 0CE0ED2284E7C95FD71357609C225957FA0AF83140F0A42E7D4988B0A3D66D5A58C752

Function 00007FF88B4C99D8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e79257d770a748d4a81dadc39fd5f62c5d2a316c3748bbd3ae3f6b9bd540887
Instruction ID: ea6b359b186ed7e8f9914cfdc40770016492329d0e9231b27f28dcb30ba98287
Opcode Fuzzy Hash: 4e79257d770a748d4a81dadc39fd5f62c5d2a316c3748bbd3ae3f6b9bd540887
Instruction Fuzzy Hash: 9EE0653091A51AEEDB5ACB2581121BCB3A1BFE4BC1B70547DC40E5B1E0DA375D01CF58

Function 00007FF88B4CCA43 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c73abbb267f369d41a5af9db1ddf35748e88716d0245757fbcb7fc0a48fd72c0
Instruction ID: 6c7678f1ebd26d6b969aa459945feedb4372671ffb4c9d1bd0fd7aea1e5e322d
Opcode Fuzzy Hash: c73abbb267f369d41a5af9db1ddf35748e88716d0245757fbcb7fc0a48fd72c0
Instruction Fuzzy Hash: 19F0A5309455299EEB98EB58C866BEDB6B1FF58741F5000EED00DE3291CB356980CF00

Function 00007FF88B4C8B6C Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a958f9ed797a255c81ab895d6cad97957cf6a679f909315c454ece821a1918bb
Instruction ID: e9fae232f35b7ab6457f57757caadce5443c5b0ac80e5e36c7cca20335ed7b11
Opcode Fuzzy Hash: a958f9ed797a255c81ab895d6cad97957cf6a679f909315c454ece821a1918bb
Instruction Fuzzy Hash: 99E01A30D09A1D9FCF09EB94C4568BDB7B1FF54300B10416DD40ABB261C739A842CB80

Function 00007FF88B4C93BE Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 996f3f47ab4f164b7c50ca287ef9f469bce5305059c84df56b3be88399bc6806
Instruction ID: e4734336e31e4075267287f169a4ae02b754e76ef75764fd494bba4d785eb081
Opcode Fuzzy Hash: 996f3f47ab4f164b7c50ca287ef9f469bce5305059c84df56b3be88399bc6806
Instruction Fuzzy Hash: 08E0C9B0D042198FDB58CF58C8616EDB771FF55304F1042ADC45A67391CB756981CF40

Function 00007FF88B4C08C2 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93e02ba8a8f208f6896671fc02286592964672119b5aee7788a356ba1109295d
Instruction ID: f377bd06bedb7c92002bfeac0d29eb96d73a7f364b8d593647c50d033b709558
Opcode Fuzzy Hash: 93e02ba8a8f208f6896671fc02286592964672119b5aee7788a356ba1109295d
Instruction Fuzzy Hash: 44D0C971D0940DAEDB40EB98E8556EDB775FF88215F0012B6D40DE3262DF342A528641

Function 00007FF88B4C7E4E Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27c49c2fc427866d55b58d861df9703a4775a5d0f66f87f8bbc1aafef2205757
Instruction ID: da3016c90593343a7597d61ea37b56e6179b9bf7abbd039f64202be0677fea23
Opcode Fuzzy Hash: 27c49c2fc427866d55b58d861df9703a4775a5d0f66f87f8bbc1aafef2205757
Instruction Fuzzy Hash: 26E0EC74D2825A8BCB44EF54C8939EFBBB1BF8C741F604834D405A32A5CA34BC00DB64

Function 00007FF88B4C705A Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6294709d0e815e54a204d2bb784a1e54a610b393ca6861a6a6863ea69644f9ea
Instruction ID: fac52008262ad2e337c56c5ca5b202d9eeba902d5d8db75a8cf144dec3c6b01f
Opcode Fuzzy Hash: 6294709d0e815e54a204d2bb784a1e54a610b393ca6861a6a6863ea69644f9ea
Instruction Fuzzy Hash: 6EE0EC30D149199AEB94DB68C4523AC66B1BF58741F4080A5D04DE3155CE3469408F14

Function 00007FF88B4CEFE8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7277ec5b01de4df08e5a4934676772a82e177e27e24e97b4f6c1bcc929c0bd0e
Instruction ID: 1184553fdf47e4aac5c286cd543bf7228eb0e54f3837905bd3bfdfde12a2a157
Opcode Fuzzy Hash: 7277ec5b01de4df08e5a4934676772a82e177e27e24e97b4f6c1bcc929c0bd0e
Instruction Fuzzy Hash: 0EC02B127C941C0AD580590C7C410A4B340D78413078002B7D80CC210AC82F1C404780

Function 00007FF88B4C9A1C Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c872eae4eec3b8bd2f8ae03b0fb1e5b34d17b0a2e50e140cd627d2b9e4dd1af
Instruction ID: 26d14c3aba611463a16c70cc4310fe351915f5e64df7fbed073e1237589e41fb
Opcode Fuzzy Hash: 9c872eae4eec3b8bd2f8ae03b0fb1e5b34d17b0a2e50e140cd627d2b9e4dd1af
Instruction Fuzzy Hash: 4CD0923090561A8E8F98DE24C1525A873A2BFA8785BA01879D01A9B195CA36AC12CF18

Non-executed Functions

Function 00007FF88B4C42C3 Relevance: 4.1, Strings: 3, Instructions: 325COMMON

Download Yara Rule

Strings

r6;, xrefs: 00007FF88B4C44CE
2, xrefs: 00007FF88B4C443D
r6;, xrefs: 00007FF88B4C431C

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: 2$r6;$r6;
API String ID: 0-1365934537
Opcode ID: f7e54715e595367a60832e0e01ae5cb864ccb3f8201d6d292f99fbbb32716a00
Instruction ID: ca276f2730dce90bea62ba60a7b2cf9271e964f19424aaeac020fcd24f511b62
Opcode Fuzzy Hash: f7e54715e595367a60832e0e01ae5cb864ccb3f8201d6d292f99fbbb32716a00
Instruction Fuzzy Hash: 84E1F870D0822A8FDB69DF68C895BECB7B1BF58344F1045E9D44DA7292CA386E85CF50

Function 00007FF88B4C19C8 Relevance: 5.2, Strings: 4, Instructions: 179COMMON

Download Yara Rule

Strings

(0X, xrefs: 00007FF88B4C1A19
p0X, xrefs: 00007FF88B4C19E9
P/X, xrefs: 00007FF88B4C19F9
/X, xrefs: 00007FF88B4C19C9

Memory Dump Source

Source File: 00000000.00000002.1251334983.00007FF88B4C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF88B4C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff88b4c0000_AWB NO - 09804803510.jbxd

Similarity

API ID:
String ID: (0X$P/X$p0X$/X
API String ID: 0-595362307
Opcode ID: 74ac6f877e7e77a9e1736dcc7c5ff55cb3f0f78b18892368dff9261f3708416e
Instruction ID: 82def8b9204a3275d1b166acf146afe2cb0bc22192b98a5684f968d3228e4981
Opcode Fuzzy Hash: 74ac6f877e7e77a9e1736dcc7c5ff55cb3f0f78b18892368dff9261f3708416e
Instruction Fuzzy Hash: 6451DE7280E6C59FE7168A64A8222FA7BF4FF96700B0840FBD049D71ABD9359D09C7C0

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report AWB NO - 09804803510.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AWB NO - 09804803510.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Version Infos

Network Behavior

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

System Behavior

Analysis Process: AWB NO - 09804803510.exePID: 3716, Parent PID: 496

General

File Activities

File Opened

File Created

File Written

Windows Analysis Report
AWB NO - 09804803510.exe