Windows
Analysis Report
U9M1w8FHBW.exe
Overview
General Information
Detection
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll64.exe (PID: 5144 cmdline:
loaddll64. exe "C:\Us ers\user\D esktop\U9M 1w8FHBW.dl l" MD5: C676FC0263EDD17D4CE7D644B8F3FCD6) - conhost.exe (PID: 1128 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - cmd.exe (PID: 3808 cmdline:
cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\U9M 1w8FHBW.dl l",#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F) - rundll32.exe (PID: 1972 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\U9M1 w8FHBW.dll ",#1 MD5: 73C519F050C20580F8A62C849D49215A) - regsvr32.exe (PID: 4808 cmdline:
C:\Windows \system32\ regsvr32.e xe "C:\Win dows\syste m32\DChihh ZAEIop\NZI CbhYKmnAVT .dll" MD5: D78B75FC68247E8A63ACBA846182740E) - regsvr32.exe (PID: 3360 cmdline:
regsvr32.e xe /s C:\U sers\user\ Desktop\U9 M1w8FHBW.d ll MD5: D78B75FC68247E8A63ACBA846182740E) - regsvr32.exe (PID: 4516 cmdline:
C:\Windows \system32\ regsvr32.e xe "C:\Win dows\syste m32\YKYTbO gY\pyluVjQ OzYMsbAJk. dll" MD5: D78B75FC68247E8A63ACBA846182740E) - rundll32.exe (PID: 5552 cmdline:
rundll32.e xe C:\User s\user\Des ktop\U9M1w 8FHBW.dll, DllRegiste rServer MD5: 73C519F050C20580F8A62C849D49215A) - regsvr32.exe (PID: 4144 cmdline:
C:\Windows \system32\ regsvr32.e xe "C:\Win dows\syste m32\AvyZUm IIeGJLvcye \aPdTkvBLd rznCXG.dll " MD5: D78B75FC68247E8A63ACBA846182740E) - regsvr32.exe (PID: 3192 cmdline:
C:\Windows \system32\ regsvr32.e xe "C:\Win dows\syste m32\DahdrC XRHjoqlqPu \vvcfbAnuZ puTsj.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
- regsvr32.exe (PID: 1788 cmdline:
C:\Windows \system32\ regsvr32.e xe" "C:\Wi ndows\syst em32\DChih hZAEIop\NZ ICbhYKmnAV T.dll MD5: D78B75FC68247E8A63ACBA846182740E) - regsvr32.exe (PID: 4784 cmdline:
C:\Windows \system32\ regsvr32.e xe "C:\Use rs\user\Ap pData\Loca l\OQOuTpy\ WqdnfVdfYC xIlc.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
- cleanup
{"C2 list": ["172.105.115.71:8080", "218.38.121.17:443", "186.250.48.5:443", "103.71.99.57:8080", "85.214.67.203:8080", "85.25.120.45:8080", "139.196.72.155:8080", "103.85.95.4:8080", "198.199.70.22:8080", "209.239.112.82:8080", "78.47.204.80:443", "36.67.23.59:443", "104.244.79.94:443", "62.171.178.147:8080", "195.77.239.39:8080", "103.56.149.105:8080", "80.211.107.116:8080", "93.104.209.107:8080", "174.138.33.49:7080", "202.28.34.99:8080", "178.62.112.199:8080", "114.79.130.68:443", "118.98.72.86:443", "103.41.204.169:8080", "178.238.225.252:8080", "83.229.80.93:8080", "46.101.98.60:8080", "82.98.180.154:7080", "87.106.97.83:7080", "196.44.98.190:8080", "139.59.80.108:8080", "103.224.241.74:8080", "103.254.12.236:7080", "185.148.169.10:8080", "165.22.254.236:8080", "37.44.244.177:8080", "54.37.228.122:443", "51.75.33.122:443", "128.199.217.206:443", "188.165.79.151:443", "210.57.209.142:8080", "160.16.143.191:8080", "175.126.176.79:8080", "202.134.4.210:7080", "103.126.216.86:443", "190.145.8.4:443", "128.199.242.164:8080", "64.227.55.231:8080"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
Click to see the 7 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security | ||
Click to see the 7 entries |
Timestamp: | 192.168.2.6115.178.55.2249714802404304 11/13/22-16:55:33.271971 |
SID: | 2404304 |
Source Port: | 49714 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Malware Configuration Extractor: |
Source: | Code function: | 0_2_00007FFD14679410 | |
Source: | Code function: | 3_2_00007FFD14679410 |
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FFD1466C334 | |
Source: | Code function: | 3_2_00007FFD1466C334 |
Networking |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Snort IDS: |
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File deleted: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_00007FFD14673FB0 | |
Source: | Code function: | 0_2_00007FFD14671910 | |
Source: | Code function: | 0_2_00007FFD1466C334 | |
Source: | Code function: | 0_2_00007FFD1466ABC0 | |
Source: | Code function: | 0_2_00007FFD1466A370 | |
Source: | Code function: | 0_2_0000000180020454 | |
Source: | Code function: | 0_2_0000000180028C94 | |
Source: | Code function: | 0_2_00000001800038A5 | |
Source: | Code function: | 0_2_00000001800248E0 | |
Source: | Code function: | 0_2_0000000180005DB4 | |
Source: | Code function: | 0_2_0000000180004DDC | |
Source: | Code function: | 0_2_000000018000B1E0 | |
Source: | Code function: | 0_2_0000000180009E38 | |
Source: | Code function: | 0_2_0000000180003BE8 | |
Source: | Code function: | 0_2_0000000180009BEC | |
Source: | Code function: | 0_2_00000001800173F8 | |
Source: | Code function: | 0_2_0000000180017BF8 | |
Source: | Code function: | 0_2_0000000180015400 | |
Source: | Code function: | 0_2_0000000180001000 | |
Source: | Code function: | 0_2_000000018000741C | |
Source: | Code function: | 0_2_000000018000E828 | |
Source: | Code function: | 0_2_0000000180002834 | |
Source: | Code function: | 0_2_0000000180014C48 | |
Source: | Code function: | 0_2_000000018002005C | |
Source: | Code function: | 0_2_0000000180016464 | |
Source: | Code function: | 0_2_0000000180005478 | |
Source: | Code function: | 0_2_0000000180006880 | |
Source: | Code function: | 0_2_000000018002748C | |
Source: | Code function: | 0_2_000000018001308C | |
Source: | Code function: | 0_2_0000000180024098 | |
Source: | Code function: | 0_2_000000018001B898 | |
Source: | Code function: | 0_2_000000018000C498 | |
Source: | Code function: | 0_2_0000000180004CA0 | |
Source: | Code function: | 0_2_00000001800110AC | |
Source: | Code function: | 0_2_00000001800148B0 | |
Source: | Code function: | 0_2_00000001800078B6 | |
Source: | Code function: | 0_2_0000000180001CCC | |
Source: | Code function: | 0_2_000000018000B8D0 | |
Source: | Code function: | 0_2_00000001800198DC | |
Source: | Code function: | 0_2_00000001800038DC | |
Source: | Code function: | 0_2_00000001800264F8 | |
Source: | Code function: | 0_2_00000001800084F8 | |
Source: | Code function: | 0_2_000000018000BD00 | |
Source: | Code function: | 0_2_0000000180015508 | |
Source: | Code function: | 0_2_0000000180018D0C | |
Source: | Code function: | 0_2_0000000180012110 | |
Source: | Code function: | 0_2_000000018001B520 | |
Source: | Code function: | 0_2_0000000180029124 | |
Source: | Code function: | 0_2_0000000180013524 | |
Source: | Code function: | 0_2_0000000180009D24 | |
Source: | Code function: | 0_2_0000000180023D28 | |
Source: | Code function: | 0_2_0000000180002128 | |
Source: | Code function: | 0_2_0000000180020930 | |
Source: | Code function: | 0_2_0000000180009144 | |
Source: | Code function: | 0_2_000000018001F550 | |
Source: | Code function: | 0_2_0000000180020D54 | |
Source: | Code function: | 0_2_0000000180010954 | |
Source: | Code function: | 0_2_0000000180018560 | |
Source: | Code function: | 0_2_000000018000E570 | |
Source: | Code function: | 0_2_000000018001C974 | |
Source: | Code function: | 0_2_000000018000F174 | |
Source: | Code function: | 0_2_0000000180025D84 | |
Source: | Code function: | 0_2_0000000180005590 | |
Source: | Code function: | 0_2_0000000180017198 | |
Source: | Code function: | 0_2_00000001800159A0 | |
Source: | Code function: | 0_2_0000000180011DAC | |
Source: | Code function: | 0_2_000000018000D1AC | |
Source: | Code function: | 0_2_00000001800069C0 | |
Source: | Code function: | 0_2_000000018000A1D4 | |
Source: | Code function: | 0_2_00000001800079D8 | |
Source: | Code function: | 0_2_000000018001C1DC | |
Source: | Code function: | 0_2_000000018000D1E0 | |
Source: | Code function: | 0_2_00000001800199E8 | |
Source: | Code function: | 0_2_00000001800099EC | |
Source: | Code function: | 0_2_0000000180028A04 | |
Source: | Code function: | 0_2_000000018001FA08 | |
Source: | Code function: | 0_2_000000018001E614 | |
Source: | Code function: | 0_2_0000000180001A1C | |
Source: | Code function: | 0_2_000000018000BA24 | |
Source: | Code function: | 0_2_0000000180021A2C | |
Source: | Code function: | 0_2_0000000180019230 | |
Source: | Code function: | 0_2_000000018000BE34 | |
Source: | Code function: | 0_2_0000000180012244 | |
Source: | Code function: | 0_2_0000000180006650 | |
Source: | Code function: | 0_2_0000000180001660 | |
Source: | Code function: | 0_2_0000000180011664 | |
Source: | Code function: | 0_2_000000018001827C | |
Source: | Code function: | 0_2_0000000180024680 | |
Source: | Code function: | 0_2_0000000180022A84 | |
Source: | Code function: | 0_2_000000018000AE84 | |
Source: | Code function: | 0_2_0000000180028690 | |
Source: | Code function: | 0_2_0000000180015694 | |
Source: | Code function: | 0_2_0000000180007694 | |
Source: | Code function: | 0_2_0000000180013698 | |
Source: | Code function: | 0_2_0000000180009298 | |
Source: | Code function: | 0_2_000000018002629C | |
Source: | Code function: | 0_2_000000018001629C | |
Source: | Code function: | 0_2_000000018000569C | |
Source: | Code function: | 0_2_0000000180027EA4 | |
Source: | Code function: | 0_2_00000001800096B8 | |
Source: | Code function: | 0_2_000000018000EAC4 | |
Source: | Code function: | 0_2_0000000180018ECC | |
Source: | Code function: | 0_2_000000018001B2F0 | |
Source: | Code function: | 0_2_0000000180007AF0 | |
Source: | Code function: | 0_2_000000018000E708 | |
Source: | Code function: | 0_2_0000000180010310 | |
Source: | Code function: | 0_2_0000000180015B18 | |
Source: | Code function: | 0_2_000000018000871C | |
Source: | Code function: | 0_2_0000000180021728 | |
Source: | Code function: | 0_2_000000018001D32C | |
Source: | Code function: | 0_2_000000018001CF30 | |
Source: | Code function: | 0_2_0000000180015334 | |
Source: | Code function: | 0_2_000000018000A734 | |
Source: | Code function: | 0_2_0000000180027348 | |
Source: | Code function: | 0_2_0000000180004B4C | |
Source: | Code function: | 0_2_0000000180001B5C | |
Source: | Code function: | 0_2_0000000180006B5C | |
Source: | Code function: | 0_2_0000000180001364 | |
Source: | Code function: | 0_2_000000018000FF64 | |
Source: | Code function: | 0_2_000000018000C364 | |
Source: | Code function: | 0_2_000000018000E368 | |
Source: | Code function: | 0_2_000000018001E76C | |
Source: | Code function: | 0_2_0000000180018778 | |
Source: | Code function: | 0_2_0000000180012780 | |
Source: | Code function: | 0_2_000000018001FB88 | |
Source: | Code function: | 0_2_0000000180013B88 | |
Source: | Code function: | 0_2_0000000180022B8C | |
Source: | Code function: | 0_2_000000018000CB8D | |
Source: | Code function: | 0_2_0000000180008FA0 | |
Source: | Code function: | 0_2_0000000180014FA4 | |
Source: | Code function: | 0_2_00000001800197AC | |
Source: | Code function: | 0_2_00000001800257B4 | |
Source: | Code function: | 0_2_0000000180013FE0 | |
Source: | Code function: | 0_2_000000018000F3E0 | |
Source: | Code function: | 0_2_000002A683650000 | |
Source: | Code function: | 3_2_00007FFD14673FB0 | |
Source: | Code function: | 3_2_00007FFD14671910 | |
Source: | Code function: | 3_2_00007FFD1466C334 | |
Source: | Code function: | 3_2_00007FFD1466ABC0 | |
Source: | Code function: | 3_2_00007FFD1466A370 | |
Source: | Code function: | 3_2_01F50000 | |
Source: | Code function: | 3_2_0000000180020454 | |
Source: | Code function: | 3_2_0000000180028C94 | |
Source: | Code function: | 3_2_00000001800038A5 | |
Source: | Code function: | 3_2_00000001800248E0 | |
Source: | Code function: | 3_2_0000000180005DB4 | |
Source: | Code function: | 3_2_0000000180004DDC | |
Source: | Code function: | 3_2_000000018000B1E0 | |
Source: | Code function: | 3_2_0000000180009E38 | |
Source: | Code function: | 3_2_0000000180003BE8 | |
Source: | Code function: | 3_2_0000000180009BEC | |
Source: | Code function: | 3_2_00000001800173F8 | |
Source: | Code function: | 3_2_0000000180017BF8 | |
Source: | Code function: | 3_2_0000000180015400 | |
Source: | Code function: | 3_2_0000000180001000 | |
Source: | Code function: | 3_2_000000018000741C | |
Source: | Code function: | 3_2_000000018000E828 | |
Source: | Code function: | 3_2_0000000180002834 | |
Source: | Code function: | 3_2_0000000180014C48 | |
Source: | Code function: | 3_2_000000018002005C | |
Source: | Code function: | 3_2_0000000180016464 | |
Source: | Code function: | 3_2_0000000180005478 | |
Source: | Code function: | 3_2_0000000180006880 | |
Source: | Code function: | 3_2_000000018002748C | |
Source: | Code function: | 3_2_000000018001308C | |
Source: | Code function: | 3_2_0000000180024098 | |
Source: | Code function: | 3_2_000000018001B898 | |
Source: | Code function: | 3_2_000000018000C498 | |
Source: | Code function: | 3_2_0000000180004CA0 | |
Source: | Code function: | 3_2_00000001800110AC | |
Source: | Code function: | 3_2_00000001800148B0 | |
Source: | Code function: | 3_2_00000001800078B6 | |
Source: | Code function: | 3_2_0000000180001CCC | |
Source: | Code function: | 3_2_000000018000B8D0 | |
Source: | Code function: | 3_2_00000001800198DC | |
Source: | Code function: | 3_2_00000001800038DC | |
Source: | Code function: | 3_2_00000001800264F8 | |
Source: | Code function: | 3_2_00000001800084F8 | |
Source: | Code function: | 3_2_000000018000BD00 | |
Source: | Code function: | 3_2_0000000180015508 | |
Source: | Code function: | 3_2_0000000180018D0C | |
Source: | Code function: | 3_2_0000000180012110 | |
Source: | Code function: | 3_2_000000018001B520 | |
Source: | Code function: | 3_2_0000000180029124 | |
Source: | Code function: | 3_2_0000000180013524 | |
Source: | Code function: | 3_2_0000000180009D24 | |
Source: | Code function: | 3_2_0000000180023D28 | |
Source: | Code function: | 3_2_0000000180002128 | |
Source: | Code function: | 3_2_0000000180020930 | |
Source: | Code function: | 3_2_0000000180009144 | |
Source: | Code function: | 3_2_000000018001F550 | |
Source: | Code function: | 3_2_0000000180020D54 | |
Source: | Code function: | 3_2_0000000180010954 | |
Source: | Code function: | 3_2_0000000180018560 | |
Source: | Code function: | 3_2_000000018000E570 | |
Source: | Code function: | 3_2_000000018001C974 | |
Source: | Code function: | 3_2_000000018000F174 | |
Source: | Code function: | 3_2_0000000180025D84 | |
Source: | Code function: | 3_2_0000000180005590 | |
Source: | Code function: | 3_2_0000000180017198 | |
Source: | Code function: | 3_2_00000001800159A0 | |
Source: | Code function: | 3_2_0000000180011DAC | |
Source: | Code function: | 3_2_000000018000D1AC | |
Source: | Code function: | 3_2_00000001800069C0 | |
Source: | Code function: | 3_2_000000018000A1D4 | |
Source: | Code function: | 3_2_00000001800079D8 | |
Source: | Code function: | 3_2_000000018001C1DC | |
Source: | Code function: | 3_2_000000018000D1E0 | |
Source: | Code function: | 3_2_00000001800199E8 | |
Source: | Code function: | 3_2_00000001800099EC | |
Source: | Code function: | 3_2_0000000180028A04 | |
Source: | Code function: | 3_2_000000018001FA08 | |
Source: | Code function: | 3_2_000000018001E614 | |
Source: | Code function: | 3_2_0000000180001A1C | |
Source: | Code function: | 3_2_000000018000BA24 | |
Source: | Code function: | 3_2_0000000180021A2C | |
Source: | Code function: | 3_2_0000000180019230 | |
Source: | Code function: | 3_2_000000018000BE34 | |
Source: | Code function: | 3_2_0000000180012244 | |
Source: | Code function: | 3_2_0000000180006650 | |
Source: | Code function: | 3_2_0000000180001660 | |
Source: | Code function: | 3_2_0000000180011664 | |
Source: | Code function: | 3_2_000000018001827C | |
Source: | Code function: | 3_2_0000000180024680 | |
Source: | Code function: | 3_2_0000000180022A84 | |
Source: | Code function: | 3_2_000000018000AE84 | |
Source: | Code function: | 3_2_0000000180028690 | |
Source: | Code function: | 3_2_0000000180015694 | |
Source: | Code function: | 3_2_0000000180007694 | |
Source: | Code function: | 3_2_0000000180013698 | |
Source: | Code function: | 3_2_0000000180009298 | |
Source: | Code function: | 3_2_000000018002629C | |
Source: | Code function: | 3_2_000000018001629C | |
Source: | Code function: | 3_2_000000018000569C | |
Source: | Code function: | 3_2_0000000180027EA4 | |
Source: | Code function: | 3_2_00000001800096B8 | |
Source: | Code function: | 3_2_000000018000EAC4 | |
Source: | Code function: | 3_2_0000000180018ECC | |
Source: | Code function: | 3_2_000000018001B2F0 | |
Source: | Code function: | 3_2_0000000180007AF0 | |
Source: | Code function: | 3_2_000000018000E708 | |
Source: | Code function: | 3_2_0000000180010310 | |
Source: | Code function: | 3_2_0000000180015B18 | |
Source: | Code function: | 3_2_000000018000871C | |
Source: | Code function: | 3_2_0000000180021728 | |
Source: | Code function: | 3_2_000000018001D32C | |
Source: | Code function: | 3_2_000000018001CF30 | |
Source: | Code function: | 3_2_0000000180015334 | |
Source: | Code function: | 3_2_000000018000A734 | |
Source: | Code function: | 3_2_0000000180027348 | |
Source: | Code function: | 3_2_0000000180004B4C | |
Source: | Code function: | 3_2_0000000180001B5C | |
Source: | Code function: | 3_2_0000000180006B5C | |
Source: | Code function: | 3_2_0000000180001364 | |
Source: | Code function: | 3_2_000000018000FF64 | |
Source: | Code function: | 3_2_000000018000C364 | |
Source: | Code function: | 3_2_000000018000E368 | |
Source: | Code function: | 3_2_000000018001E76C | |
Source: | Code function: | 3_2_0000000180018778 | |
Source: | Code function: | 3_2_0000000180012780 | |
Source: | Code function: | 3_2_000000018001FB88 | |
Source: | Code function: | 3_2_0000000180013B88 | |
Source: | Code function: | 3_2_0000000180022B8C | |
Source: | Code function: | 3_2_000000018000CB8D | |
Source: | Code function: | 3_2_0000000180008FA0 | |
Source: | Code function: | 3_2_0000000180014FA4 | |
Source: | Code function: | 3_2_00000001800197AC | |
Source: | Code function: | 3_2_00000001800257B4 | |
Source: | Code function: | 3_2_0000000180013FE0 | |
Source: | Code function: | 3_2_000000018000F3E0 | |
Source: | Code function: | 4_2_0000000180020454 | |
Source: | Code function: | 4_2_0000000180028C94 | |
Source: | Code function: | 4_2_00000001800038A5 | |
Source: | Code function: | 4_2_00000001800248E0 | |
Source: | Code function: | 4_2_0000000180009144 | |
Source: | Code function: | 4_2_0000000180005DB4 | |
Source: | Code function: | 4_2_0000000180004DDC | |
Source: | Code function: | 4_2_000000018000B1E0 | |
Source: | Code function: | 4_2_0000000180009E38 | |
Source: | Code function: | 4_2_0000000180003BE8 | |
Source: | Code function: | 4_2_0000000180009BEC | |
Source: | Code function: | 4_2_00000001800173F8 | |
Source: | Code function: | 4_2_0000000180017BF8 | |
Source: | Code function: | 4_2_0000000180015400 | |
Source: | Code function: | 4_2_0000000180001000 | |
Source: | Code function: | 4_2_000000018000741C | |
Source: | Code function: | 4_2_000000018000E828 | |
Source: | Code function: | 4_2_0000000180002834 | |
Source: | Code function: | 4_2_0000000180014C48 | |
Source: | Code function: | 4_2_000000018002005C | |
Source: | Code function: | 4_2_0000000180016464 | |
Source: | Code function: | 4_2_0000000180005478 | |
Source: | Code function: | 4_2_0000000180006880 | |
Source: | Code function: | 4_2_000000018002748C | |
Source: | Code function: | 4_2_000000018001308C | |
Source: | Code function: | 4_2_0000000180024098 | |
Source: | Code function: | 4_2_000000018001B898 | |
Source: | Code function: | 4_2_000000018000C498 | |
Source: | Code function: | 4_2_0000000180004CA0 | |
Source: | Code function: | 4_2_00000001800110AC | |
Source: | Code function: | 4_2_00000001800148B0 | |
Source: | Code function: | 4_2_00000001800078B6 | |
Source: | Code function: | 4_2_0000000180001CCC | |
Source: | Code function: | 4_2_000000018000B8D0 | |
Source: | Code function: | 4_2_00000001800198DC | |
Source: | Code function: | 4_2_00000001800038DC | |
Source: | Code function: | 4_2_00000001800264F8 | |
Source: | Code function: | 4_2_00000001800084F8 | |
Source: | Code function: | 4_2_000000018000BD00 | |
Source: | Code function: | 4_2_0000000180015508 | |
Source: | Code function: | 4_2_0000000180018D0C | |
Source: | Code function: | 4_2_0000000180012110 | |
Source: | Code function: | 4_2_000000018001B520 | |
Source: | Code function: | 4_2_0000000180029124 | |
Source: | Code function: | 4_2_0000000180013524 | |
Source: | Code function: | 4_2_0000000180009D24 | |
Source: | Code function: | 4_2_0000000180023D28 | |
Source: | Code function: | 4_2_0000000180002128 | |
Source: | Code function: | 4_2_0000000180020930 | |
Source: | Code function: | 4_2_000000018001F550 | |
Source: | Code function: | 4_2_0000000180020D54 | |
Source: | Code function: | 4_2_0000000180010954 | |
Source: | Code function: | 4_2_0000000180018560 | |
Source: | Code function: | 4_2_000000018000E570 | |
Source: | Code function: | 4_2_000000018001C974 | |
Source: | Code function: | 4_2_000000018000F174 | |
Source: | Code function: | 4_2_0000000180025D84 | |
Source: | Code function: | 4_2_0000000180005590 | |
Source: | Code function: | 4_2_0000000180017198 | |
Source: | Code function: | 4_2_00000001800159A0 | |
Source: | Code function: | 4_2_0000000180011DAC | |
Source: | Code function: | 4_2_000000018000D1AC | |
Source: | Code function: | 4_2_00000001800069C0 | |
Source: | Code function: | 4_2_000000018000A1D4 | |
Source: | Code function: | 4_2_00000001800079D8 | |
Source: | Code function: | 4_2_000000018001C1DC | |
Source: | Code function: | 4_2_000000018000D1E0 | |
Source: | Code function: | 4_2_00000001800199E8 | |
Source: | Code function: | 4_2_00000001800099EC | |
Source: | Code function: | 4_2_0000000180028A04 | |
Source: | Code function: | 4_2_000000018001FA08 | |
Source: | Code function: | 4_2_000000018001E614 | |
Source: | Code function: | 4_2_0000000180001A1C | |
Source: | Code function: | 4_2_000000018000BA24 | |
Source: | Code function: | 4_2_0000000180021A2C | |
Source: | Code function: | 4_2_0000000180019230 | |
Source: | Code function: | 4_2_000000018000BE34 | |
Source: | Code function: | 4_2_0000000180012244 | |
Source: | Code function: | 4_2_0000000180006650 | |
Source: | Code function: | 4_2_0000000180001660 | |
Source: | Code function: | 4_2_0000000180011664 | |
Source: | Code function: | 4_2_000000018001827C | |
Source: | Code function: | 4_2_0000000180024680 | |
Source: | Code function: | 4_2_0000000180022A84 | |
Source: | Code function: | 4_2_000000018000AE84 | |
Source: | Code function: | 4_2_0000000180028690 | |
Source: | Code function: | 4_2_0000000180015694 | |
Source: | Code function: | 4_2_0000000180007694 | |
Source: | Code function: | 4_2_0000000180013698 | |
Source: | Code function: | 4_2_0000000180009298 | |
Source: | Code function: | 4_2_000000018002629C | |
Source: | Code function: | 4_2_000000018001629C | |
Source: | Code function: | 4_2_000000018000569C | |
Source: | Code function: | 4_2_0000000180027EA4 | |
Source: | Code function: | 4_2_00000001800096B8 | |
Source: | Code function: | 4_2_000000018000EAC4 | |
Source: | Code function: | 4_2_0000000180018ECC | |
Source: | Code function: | 4_2_000000018001B2F0 | |
Source: | Code function: | 4_2_0000000180007AF0 | |
Source: | Code function: | 4_2_000000018000E708 | |
Source: | Code function: | 4_2_0000000180010310 | |
Source: | Code function: | 4_2_0000000180015B18 | |
Source: | Code function: | 4_2_000000018000871C | |
Source: | Code function: | 4_2_0000000180021728 | |
Source: | Code function: | 4_2_000000018001D32C | |
Source: | Code function: | 4_2_000000018001CF30 | |
Source: | Code function: | 4_2_0000000180015334 | |
Source: | Code function: | 4_2_000000018000A734 | |
Source: | Code function: | 4_2_0000000180027348 | |
Source: | Code function: | 4_2_0000000180004B4C | |
Source: | Code function: | 4_2_0000000180006B5C | |
Source: | Code function: | 4_2_0000000180001B5C | |
Source: | Code function: | 4_2_0000000180001364 | |
Source: | Code function: | 4_2_000000018000FF64 | |
Source: | Code function: | 4_2_000000018000C364 | |
Source: | Code function: | 4_2_000000018000E368 | |
Source: | Code function: | 4_2_000000018001E76C | |
Source: | Code function: | 4_2_0000000180018778 | |
Source: | Code function: | 4_2_0000000180012780 | |
Source: | Code function: | 4_2_000000018001FB88 | |
Source: | Code function: | 4_2_0000000180013B88 | |
Source: | Code function: | 4_2_0000000180022B8C | |
Source: | Code function: | 4_2_000000018000CB8D | |
Source: | Code function: | 4_2_0000000180008FA0 | |
Source: | Code function: | 4_2_0000000180014FA4 | |
Source: | Code function: | 4_2_00000001800197AC | |
Source: | Code function: | 4_2_00000001800257B4 | |
Source: | Code function: | 4_2_0000000180013FE0 | |
Source: | Code function: | 4_2_000000018000F3E0 | |
Source: | Code function: | 4_2_000002735FD40000 | |
Source: | Code function: | 5_2_0000000180020454 | |
Source: | Code function: | 5_2_0000000180028C94 | |
Source: | Code function: | 5_2_00000001800038A5 | |
Source: | Code function: | 5_2_00000001800248E0 | |
Source: | Code function: | 5_2_0000000180005DB4 | |
Source: | Code function: | 5_2_0000000180004DDC | |
Source: | Code function: | 5_2_000000018000B1E0 | |
Source: | Code function: | 5_2_0000000180009E38 | |
Source: | Code function: | 5_2_0000000180003BE8 | |
Source: | Code function: | 5_2_0000000180009BEC | |
Source: | Code function: | 5_2_00000001800173F8 | |
Source: | Code function: | 5_2_0000000180017BF8 | |
Source: | Code function: | 5_2_0000000180015400 | |
Source: | Code function: | 5_2_0000000180001000 | |
Source: | Code function: | 5_2_000000018000741C | |
Source: | Code function: | 5_2_000000018000E828 | |
Source: | Code function: | 5_2_0000000180002834 | |
Source: | Code function: | 5_2_0000000180014C48 | |
Source: | Code function: | 5_2_000000018002005C | |
Source: | Code function: | 5_2_0000000180016464 | |
Source: | Code function: | 5_2_0000000180005478 | |
Source: | Code function: | 5_2_0000000180006880 | |
Source: | Code function: | 5_2_000000018002748C | |
Source: | Code function: | 5_2_000000018001308C | |
Source: | Code function: | 5_2_0000000180024098 | |
Source: | Code function: | 5_2_000000018001B898 | |
Source: | Code function: | 5_2_000000018000C498 | |
Source: | Code function: | 5_2_0000000180004CA0 | |
Source: | Code function: | 5_2_00000001800110AC | |
Source: | Code function: | 5_2_00000001800148B0 | |
Source: | Code function: | 5_2_00000001800078B6 | |
Source: | Code function: | 5_2_0000000180001CCC | |
Source: | Code function: | 5_2_000000018000B8D0 | |
Source: | Code function: | 5_2_00000001800198DC | |
Source: | Code function: | 5_2_00000001800038DC | |
Source: | Code function: | 5_2_00000001800264F8 | |
Source: | Code function: | 5_2_00000001800084F8 | |
Source: | Code function: | 5_2_000000018000BD00 | |
Source: | Code function: | 5_2_0000000180015508 | |
Source: | Code function: | 5_2_0000000180018D0C | |
Source: | Code function: | 5_2_0000000180012110 | |
Source: | Code function: | 5_2_000000018001B520 | |
Source: | Code function: | 5_2_0000000180029124 | |
Source: | Code function: | 5_2_0000000180013524 | |
Source: | Code function: | 5_2_0000000180009D24 | |
Source: | Code function: | 5_2_0000000180023D28 | |
Source: | Code function: | 5_2_0000000180002128 | |
Source: | Code function: | 5_2_0000000180020930 | |
Source: | Code function: | 5_2_0000000180009144 | |
Source: | Code function: | 5_2_000000018001F550 | |
Source: | Code function: | 5_2_0000000180020D54 | |
Source: | Code function: | 5_2_0000000180010954 | |
Source: | Code function: | 5_2_0000000180018560 | |
Source: | Code function: | 5_2_000000018000E570 | |
Source: | Code function: | 5_2_000000018001C974 | |
Source: | Code function: | 5_2_000000018000F174 | |
Source: | Code function: | 5_2_0000000180025D84 | |
Source: | Code function: | 5_2_0000000180005590 | |
Source: | Code function: | 5_2_0000000180017198 | |
Source: | Code function: | 5_2_00000001800159A0 | |
Source: | Code function: | 5_2_0000000180011DAC | |
Source: | Code function: | 5_2_000000018000D1AC | |
Source: | Code function: | 5_2_00000001800069C0 | |
Source: | Code function: | 5_2_000000018000A1D4 | |
Source: | Code function: | 5_2_00000001800079D8 | |
Source: | Code function: | 5_2_000000018001C1DC | |
Source: | Code function: | 5_2_000000018000D1E0 | |
Source: | Code function: | 5_2_00000001800199E8 | |
Source: | Code function: | 5_2_00000001800099EC | |
Source: | Code function: | 5_2_0000000180028A04 | |
Source: | Code function: | 5_2_000000018001FA08 | |
Source: | Code function: | 5_2_000000018001E614 | |
Source: | Code function: | 5_2_0000000180001A1C | |
Source: | Code function: | 5_2_000000018000BA24 | |
Source: | Code function: | 5_2_0000000180021A2C | |
Source: | Code function: | 5_2_0000000180019230 | |
Source: | Code function: | 5_2_000000018000BE34 | |
Source: | Code function: | 5_2_0000000180012244 | |
Source: | Code function: | 5_2_0000000180006650 | |
Source: | Code function: | 5_2_0000000180001660 | |
Source: | Code function: | 5_2_0000000180011664 | |
Source: | Code function: | 5_2_000000018001827C | |
Source: | Code function: | 5_2_0000000180024680 | |
Source: | Code function: | 5_2_0000000180022A84 | |
Source: | Code function: | 5_2_000000018000AE84 | |
Source: | Code function: | 5_2_0000000180028690 | |
Source: | Code function: | 5_2_0000000180015694 | |
Source: | Code function: | 5_2_0000000180007694 | |
Source: | Code function: | 5_2_0000000180013698 | |
Source: | Code function: | 5_2_0000000180009298 | |
Source: | Code function: | 5_2_000000018002629C | |
Source: | Code function: | 5_2_000000018001629C | |
Source: | Code function: | 5_2_000000018000569C | |
Source: | Code function: | 5_2_0000000180027EA4 | |
Source: | Code function: | 5_2_00000001800096B8 | |
Source: | Code function: | 5_2_000000018000EAC4 | |
Source: | Code function: | 5_2_0000000180018ECC | |
Source: | Code function: | 5_2_000000018001B2F0 | |
Source: | Code function: | 5_2_0000000180007AF0 | |
Source: | Code function: | 5_2_000000018000E708 |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_00007FFD14673CB0 |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_0000000180005DB4 |
Source: | Process created: |
Source: | Mutant created: |
Source: | File read: | Jump to behavior |
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FFD14668912 | |
Source: | Code function: | 0_2_00007FFD14668384 | |
Source: | Code function: | 0_2_000000018001E0DD | |
Source: | Code function: | 0_2_000000018001E0F1 | |
Source: | Code function: | 0_2_0000000180023128 | |
Source: | Code function: | 0_2_000000018001E5C7 | |
Source: | Code function: | 0_2_0000000180022E56 | |
Source: | Code function: | 0_2_0000000180023A86 | |
Source: | Code function: | 0_2_0000000180022F64 | |
Source: | Code function: | 0_2_000000018000838E | |
Source: | Code function: | 3_2_00007FFD14668912 | |
Source: | Code function: | 3_2_00007FFD14668384 | |
Source: | Code function: | 3_2_000000018001E0DD | |
Source: | Code function: | 3_2_000000018001E0F1 | |
Source: | Code function: | 3_2_0000000180023128 | |
Source: | Code function: | 3_2_000000018001E5C7 | |
Source: | Code function: | 3_2_0000000180022E56 | |
Source: | Code function: | 3_2_0000000180023A86 | |
Source: | Code function: | 3_2_0000000180022F64 | |
Source: | Code function: | 3_2_000000018000838E | |
Source: | Code function: | 4_2_000000018001E0DD | |
Source: | Code function: | 4_2_000000018001E0F1 | |
Source: | Code function: | 4_2_0000000180023128 | |
Source: | Code function: | 4_2_000000018001E5C7 | |
Source: | Code function: | 4_2_0000000180022E56 | |
Source: | Code function: | 4_2_0000000180023A86 | |
Source: | Code function: | 4_2_0000000180022F64 | |
Source: | Code function: | 4_2_000000018000838E | |
Source: | Code function: | 5_2_000000018001E0DD | |
Source: | Code function: | 5_2_000000018001E0F1 | |
Source: | Code function: | 5_2_0000000180023128 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process created: |
Source: | PE file moved: | Jump to behavior |
Boot Survival |
---|
Source: | Registry value created or modified: | Jump to behavior |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | API coverage: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_00007FFD1466C334 | |
Source: | Code function: | 3_2_00007FFD1466C334 |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00007FFD14669474 |
Source: | Code function: | 0_2_00007FFD1466DD90 |
Source: | Code function: | 0_2_00007FFD14669474 | |
Source: | Code function: | 0_2_00007FFD14664944 | |
Source: | Code function: | 0_2_00007FFD14663AD0 | |
Source: | Code function: | 3_2_00007FFD14669474 | |
Source: | Code function: | 3_2_00007FFD14664944 | |
Source: | Code function: | 3_2_00007FFD14663AD0 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00007FFD1466AB50 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_00007FFD14664A94 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | 11 Registry Run Keys / Startup Folder | 111 Process Injection | 21 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 111 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Hidden Files and Directories | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Regsvr32 | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Rundll32 | DCSync | 24 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 File Deletion | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
45% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1215461 | Download File | ||
100% | Avira | HEUR/AGEN.1215461 | Download File | ||
100% | Avira | HEUR/AGEN.1215461 | Download File | ||
100% | Avira | HEUR/AGEN.1215461 | Download File | ||
100% | Avira | HEUR/AGEN.1215461 | Download File | ||
100% | Avira | HEUR/AGEN.1215461 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.105.115.71 | unknown | United States | 63949 | LINODE-APLinodeLLCUS | true | |
188.165.79.151 | unknown | France | 16276 | OVHFR | true | |
196.44.98.190 | unknown | Ghana | 327814 | EcobandGH | true | |
174.138.33.49 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true | |
36.67.23.59 | unknown | Indonesia | 17974 | TELKOMNET-AS2-APPTTelekomunikasiIndonesiaID | true | |
103.41.204.169 | unknown | Indonesia | 58397 | INFINYS-AS-IDPTInfinysSystemIndonesiaID | true | |
85.214.67.203 | unknown | Germany | 6724 | STRATOSTRATOAGDE | true | |
83.229.80.93 | unknown | United Kingdom | 8513 | SKYVISIONGB | true | |
198.199.70.22 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true | |
93.104.209.107 | unknown | Germany | 8767 | MNET-ASGermanyDE | true | |
186.250.48.5 | unknown | Brazil | 262807 | RedfoxTelecomunicacoesLtdaBR | true | |
209.239.112.82 | unknown | United States | 30083 | AS-30083-GO-DADDY-COM-LLCUS | true | |
175.126.176.79 | unknown | Korea Republic of | 9523 | MOKWON-AS-KRMokwonUniversityKR | true | |
128.199.242.164 | unknown | United Kingdom | 14061 | DIGITALOCEAN-ASNUS | true | |
178.238.225.252 | unknown | Germany | 51167 | CONTABODE | true | |
46.101.98.60 | unknown | Netherlands | 14061 | DIGITALOCEAN-ASNUS | true | |
190.145.8.4 | unknown | Colombia | 14080 | TelmexColombiaSACO | true | |
82.98.180.154 | unknown | Spain | 42612 | DINAHOSTING-ASES | true | |
103.71.99.57 | unknown | India | 135682 | AWDHPL-AS-INAdvikaWebDevelopmentsHostingPvtLtdIN | true | |
87.106.97.83 | unknown | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true | |
103.254.12.236 | unknown | Viet Nam | 56151 | DIGISTAR-VNDigiStarCompanyLimitedVN | true | |
103.85.95.4 | unknown | Indonesia | 136077 | IDNIC-UNSRAT-AS-IDUniversitasIslamNegeriMataramID | true | |
202.134.4.210 | unknown | Indonesia | 7713 | TELKOMNET-AS-APPTTelekomunikasiIndonesiaID | true | |
165.22.254.236 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true | |
78.47.204.80 | unknown | Germany | 24940 | HETZNER-ASDE | true | |
118.98.72.86 | unknown | Indonesia | 7713 | TELKOMNET-AS-APPTTelekomunikasiIndonesiaID | true | |
139.59.80.108 | unknown | Singapore | 14061 | DIGITALOCEAN-ASNUS | true | |
104.244.79.94 | unknown | United States | 53667 | PONYNETUS | true | |
37.44.244.177 | unknown | Germany | 47583 | AS-HOSTINGERLT | true | |
51.75.33.122 | unknown | France | 16276 | OVHFR | true | |
160.16.143.191 | unknown | Japan | 9370 | SAKURA-BSAKURAInternetIncJP | true | |
103.56.149.105 | unknown | Indonesia | 55688 | BEON-AS-IDPTBeonIntermediaID | true | |
85.25.120.45 | unknown | Germany | 8972 | GD-EMEA-DC-SXB1DE | true | |
139.196.72.155 | unknown | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | true | |
115.178.55.22 | unknown | Indonesia | 38783 | SIMAYA-AS-IDPTSimayaJejaringMandiriID | true | |
103.126.216.86 | unknown | Bangladesh | 138482 | SKYVIEW-AS-APSKYVIEWONLINELTDBD | true | |
128.199.217.206 | unknown | United Kingdom | 14061 | DIGITALOCEAN-ASNUS | true | |
114.79.130.68 | unknown | India | 45769 | DVOIS-IND-VoisBroadbandPvtLtdIN | true | |
103.224.241.74 | unknown | India | 133296 | WEBWERKS-AS-INWebWerksIndiaPvtLtdIN | true | |
210.57.209.142 | unknown | Indonesia | 38142 | UNAIR-AS-IDUniversitasAirlanggaID | true | |
202.28.34.99 | unknown | Thailand | 9562 | MSU-TH-APMahasarakhamUniversityTH | true | |
80.211.107.116 | unknown | Italy | 31034 | ARUBA-ASNIT | true | |
54.37.228.122 | unknown | France | 16276 | OVHFR | true | |
218.38.121.17 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true | |
185.148.169.10 | unknown | Germany | 44780 | EVERSCALE-ASDE | true | |
195.77.239.39 | unknown | Spain | 60493 | FICOSA-ASES | true | |
178.62.112.199 | unknown | European Union | 14061 | DIGITALOCEAN-ASNUS | true | |
62.171.178.147 | unknown | United Kingdom | 51167 | CONTABODE | true | |
64.227.55.231 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 745001 |
Start date and time: | 2022-11-13 16:53:52 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 46s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | U9M1w8FHBW.exe (renamed file extension from exe to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal84.troj.evad.winDLL@21/2@0/49 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 93.184.221.240
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, cdn.onenote.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net
- Not all processes where analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
16:55:34 | API Interceptor | |
16:55:47 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
172.105.115.71 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
188.165.79.151 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
LINODE-APLinodeLLCUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
OVHFR | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Download File
Process: | C:\Windows\System32\regsvr32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 62919 |
Entropy (8bit): | 7.995280921994772 |
Encrypted: | true |
SSDEEP: | 1536:d+OfVxHl7Wyf11lYom3xQcRVOtPHwQV4rP6Ji7:d+OxHxJlZcuPt4b6q |
MD5: | 3DCF580A93972319E82CAFBC047D34D5 |
SHA1: | 8528D2A1363E5DE77DC3B1142850E51EAD0F4B6B |
SHA-256: | 40810E31F1B69075C727E6D557F9614D5880112895FF6F4DF1767E87AE5640D1 |
SHA-512: | 98384BE7218340F95DAE88D1CB865F23A0B4E12855BEB6E74A3752274C9B4C601E493864DB777BCA677A370D0A9DBFFD68D94898A82014537F3A801CCE839C42 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Download File
Process: | C:\Windows\System32\regsvr32.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.102438432618431 |
Encrypted: | false |
SSDEEP: | 6:kKbPN1HlNiN+SkQlPlEGYRMY9z+4KlDA3RUeKlTAlWRyf1:T1/kPlE99SNxAhUexYo1 |
MD5: | C5D574CB0C172F23F4FA0A6CD46F58FA |
SHA1: | B31906B042211A40976D19F1D9733F5A5CA0BC06 |
SHA-256: | C159ED77B959AC8C54DC9B7120E33F2E194DB6D34DD64C6F2D661C1582830866 |
SHA-512: | 92280E06A092C84EB8FE47D57AC8B50370538AFF81C0993D2FD785174BD491312E61A0C5648569F951462E0534B6D2FD9C6B4976493A4C37BB8CA043ACABB5C0 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.619158532207453 |
TrID: |
|
File name: | U9M1w8FHBW.dll |
File size: | 528896 |
MD5: | deab9f2826fa9d755e77a010c51effb8 |
SHA1: | a44e1cd6ca3c8c7bad9ad286ba9e19ab2a6e8190 |
SHA256: | b3dbb3902ed3e35a1f314f2b9385c2f020d4182cf0e93a9157cb0275548d72cc |
SHA512: | 630eeb1693b7883ce84c539d929dcb73aca68b6247793f3aa8b19f5f8faa13c5cd5397afbdf8271bacc8733d96b47106049ac893fdb83d2c04ace7c97623f060 |
SSDEEP: | 6144:mW1239bnTe+0Qv7NSEBj43USaI6Y/jOpxHRikSYI+QALgIJ1divndEXTn:mW1e9PeexPBjvKSpuvYI+TLgs1dcEXT |
TLSH: | 53B4F829A59E76F0C951A1F5A0420B1595F33C88FEF68EAF03502F296F6F24425F768C |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................$...s...$...............................$.......$...............`.......`.......e.h.....`.......Rich........... |
Icon Hash: | 74f0e4ecccdce0e4 |
Entrypoint: | 0x1800044e0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x180000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x636D6724 [Thu Nov 10 21:03:32 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 81146e0614ccc4eb7174ad2ad695dedb |
Instruction |
---|
dec eax |
mov dword ptr [esp+08h], ebx |
dec eax |
mov dword ptr [esp+10h], esi |
push edi |
dec eax |
sub esp, 20h |
dec ecx |
mov edi, eax |
mov ebx, edx |
dec eax |
mov esi, ecx |
cmp edx, 01h |
jne 00007FA07479D587h |
call 00007FA07479DB18h |
dec esp |
mov eax, edi |
mov edx, ebx |
dec eax |
mov ecx, esi |
dec eax |
mov ebx, dword ptr [esp+30h] |
dec eax |
mov esi, dword ptr [esp+38h] |
dec eax |
add esp, 20h |
pop edi |
jmp 00007FA07479D3FCh |
int3 |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
dec eax |
mov ebx, ecx |
dec eax |
mov eax, edx |
dec eax |
lea ecx, dword ptr [00033F0Dh] |
dec eax |
mov dword ptr [ebx], ecx |
dec eax |
lea edx, dword ptr [ebx+08h] |
xor ecx, ecx |
dec eax |
mov dword ptr [edx], ecx |
dec eax |
mov dword ptr [edx+08h], ecx |
dec eax |
lea ecx, dword ptr [eax+08h] |
call 00007FA07479FD81h |
dec eax |
lea eax, dword ptr [00033F1Dh] |
dec eax |
mov dword ptr [ebx], eax |
dec eax |
mov eax, ebx |
dec eax |
add esp, 20h |
pop ebx |
ret |
int3 |
xor eax, eax |
dec eax |
mov dword ptr [ecx+10h], eax |
dec eax |
lea eax, dword ptr [00033F13h] |
dec eax |
mov dword ptr [ecx+08h], eax |
dec eax |
lea eax, dword ptr [00033EF8h] |
dec eax |
mov dword ptr [ecx], eax |
dec eax |
mov eax, ecx |
ret |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
dec eax |
mov ebx, ecx |
dec eax |
mov eax, edx |
dec eax |
lea ecx, dword ptr [00033EADh] |
dec eax |
mov dword ptr [ebx], ecx |
dec eax |
lea edx, dword ptr [ebx+08h] |
xor ecx, ecx |
dec eax |
mov dword ptr [edx], ecx |
dec eax |
mov dword ptr [edx+08h], ecx |
dec eax |
lea ecx, dword ptr [eax+08h] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x7cda0 | 0x58 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7cdf8 | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x87000 | 0x1e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x82000 | 0x192c | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x88000 | 0x66c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x7a410 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x7a430 | 0x94 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x38000 | 0x370 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x36fd5 | 0x37000 | False | 0.38967507102272725 | data | 5.930785005703424 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x38000 | 0x4597a | 0x45a00 | False | 0.6705179813734291 | data | 6.275471599318942 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x7e000 | 0x3394 | 0xc00 | False | 0.18294270833333334 | DOS executable (block device driver \337-\231+]) | 2.573523630872546 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x82000 | 0x192c | 0x1a00 | False | 0.4794170673076923 | data | 5.1711441720039435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gfids | 0x84000 | 0xdc | 0x200 | False | 0.244140625 | Spectrum .TAP data "6 " - BASIC program | 1.1531659578770692 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gxfg | 0x85000 | 0x1000 | 0x1000 | False | 0.44091796875 | data | 5.088628746947821 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gehcont | 0x86000 | 0xc | 0x200 | False | 0.0390625 | data | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x87000 | 0x1e0 | 0x200 | False | 0.52734375 | data | 4.724728911998389 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x88000 | 0x66c | 0x800 | False | 0.537109375 | data | 4.9054360857170005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_MANIFEST | 0x87060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | GetConsoleMode, GetConsoleOutputCP, WriteFile, FlushFileBuffers, SetStdHandle, HeapReAlloc, HeapSize, SetFilePointerEx, ExitProcess, GetStdHandle, GetProcessHeap, CreateFileW, CloseHandle, GetStringTypeW, LCMapStringW, GetFileType, VirtualAlloc, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, EncodePointer, RaiseException, RtlUnwindEx, InterlockedFlushSList, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetModuleHandleExW, GetModuleFileNameW, HeapFree, HeapAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, WriteConsoleW |
USER32.dll | EndPaint, BeginPaint, InvalidateRect, GetMessageW, DefWindowProcW, CloseTouchInputHandle, GetTouchInputInfo, DestroyWindow, MessageBoxW, CreateWindowExW, RegisterClassExW, LoadStringW, ShowWindow, DispatchMessageW, RegisterTouchWindow, MessageBoxA, UnregisterTouchWindow, TranslateAcceleratorW, TranslateMessage, LoadCursorW, PostQuitMessage, UpdateWindow |
GDI32.dll | Polyline, LineTo, CreatePen, MoveToEx, DeleteObject, SelectObject |
ole32.dll | CoUninitialize, CoCreateInstance, CoInitialize |
CRYPT32.dll | CryptStringToBinaryA |
Name | Ordinal | Address |
---|---|---|
DllRegisterServer | 1 | 0x180013f70 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
192.168.2.6115.178.55.2249714802404304 11/13/22-16:55:33.271971 | TCP | 2404304 | ET CNC Feodo Tracker Reported CnC Server TCP group 3 | 49714 | 80 | 192.168.2.6 | 115.178.55.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 13, 2022 16:55:33.271970987 CET | 49714 | 80 | 192.168.2.6 | 115.178.55.22 |
Nov 13, 2022 16:55:33.564613104 CET | 80 | 49714 | 115.178.55.22 | 192.168.2.6 |
Nov 13, 2022 16:55:34.070009947 CET | 49714 | 80 | 192.168.2.6 | 115.178.55.22 |
Nov 13, 2022 16:55:34.362401962 CET | 80 | 49714 | 115.178.55.22 | 192.168.2.6 |
Nov 13, 2022 16:55:34.866997957 CET | 49714 | 80 | 192.168.2.6 | 115.178.55.22 |
Nov 13, 2022 16:55:35.159483910 CET | 80 | 49714 | 115.178.55.22 | 192.168.2.6 |
Nov 13, 2022 16:55:40.693451881 CET | 49718 | 8080 | 192.168.2.6 | 172.105.115.71 |
Nov 13, 2022 16:55:40.859991074 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Nov 13, 2022 16:55:40.860174894 CET | 49718 | 8080 | 192.168.2.6 | 172.105.115.71 |
Nov 13, 2022 16:55:40.866486073 CET | 49718 | 8080 | 192.168.2.6 | 172.105.115.71 |
Nov 13, 2022 16:55:41.032926083 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Nov 13, 2022 16:55:41.052969933 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Nov 13, 2022 16:55:41.053008080 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Nov 13, 2022 16:55:41.053162098 CET | 49718 | 8080 | 192.168.2.6 | 172.105.115.71 |
Nov 13, 2022 16:55:41.117094040 CET | 49718 | 8080 | 192.168.2.6 | 172.105.115.71 |
Nov 13, 2022 16:55:41.284293890 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Nov 13, 2022 16:55:41.289948940 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Nov 13, 2022 16:55:41.336256981 CET | 49718 | 8080 | 192.168.2.6 | 172.105.115.71 |
Nov 13, 2022 16:55:43.595828056 CET | 49718 | 8080 | 192.168.2.6 | 172.105.115.71 |
Nov 13, 2022 16:55:43.595891953 CET | 49718 | 8080 | 192.168.2.6 | 172.105.115.71 |
Nov 13, 2022 16:55:43.762207031 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Nov 13, 2022 16:55:43.762233019 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Nov 13, 2022 16:55:44.387545109 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Nov 13, 2022 16:55:44.445959091 CET | 49718 | 8080 | 192.168.2.6 | 172.105.115.71 |
Nov 13, 2022 16:55:47.390136003 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Nov 13, 2022 16:55:47.390193939 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Nov 13, 2022 16:55:47.390431881 CET | 49718 | 8080 | 192.168.2.6 | 172.105.115.71 |
Nov 13, 2022 16:55:47.390733004 CET | 49718 | 8080 | 192.168.2.6 | 172.105.115.71 |
Nov 13, 2022 16:55:47.390856981 CET | 49718 | 8080 | 192.168.2.6 | 172.105.115.71 |
Nov 13, 2022 16:55:47.556953907 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Nov 13, 2022 16:55:47.557010889 CET | 8080 | 49718 | 172.105.115.71 | 192.168.2.6 |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 16:54:46 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7a38b0000 |
File size: | 139776 bytes |
MD5 hash: | C676FC0263EDD17D4CE7D644B8F3FCD6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Target ID: | 1 |
Start time: | 16:54:46 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6da640000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 16:54:46 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cb270000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 3 |
Start time: | 16:54:47 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69c730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Target ID: | 4 |
Start time: | 16:54:47 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e96f0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Target ID: | 5 |
Start time: | 16:54:47 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e96f0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Target ID: | 6 |
Start time: | 16:54:52 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69c730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Target ID: | 7 |
Start time: | 16:54:52 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69c730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 8 |
Start time: | 16:54:53 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69c730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 9 |
Start time: | 16:54:54 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69c730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 17 |
Start time: | 16:55:55 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69c730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Target ID: | 18 |
Start time: | 16:56:02 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff69c730000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Execution Graph
Execution Coverage: | 10.2% |
Dynamic/Decrypted Code Coverage: | 3% |
Signature Coverage: | 10.4% |
Total number of Nodes: | 692 |
Total number of Limit Nodes: | 8 |
Graph
Function 00007FFD14673FB0 Relevance: 2283.0, APIs: 11, Strings: 1292, Instructions: 2747COMMONCrypto
Control-flow Graph
C-Code - Quality: 25% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000002A683650000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 45% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14662600 Relevance: 9.1, APIs: 6, Instructions: 114COMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466BA4C Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14661910 Relevance: 7.6, APIs: 5, Instructions: 59COMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 45% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD146613A0 Relevance: 7.6, APIs: 5, Instructions: 52COMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14679510 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 59memoryCOMMON
Control-flow Graph
C-Code - Quality: 45% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD146612B0 Relevance: 6.1, APIs: 4, Instructions: 51COMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14673F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 11COMMON
C-Code - Quality: 37% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466A9DC Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD146622B0 Relevance: 1.6, APIs: 1, Instructions: 57COMMONLIBRARYCODE
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466AAD0 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466AA18 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 44% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 44% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14673CB0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 97registrywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14669474 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14671910 Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14679410 Relevance: 3.1, APIs: 2, Instructions: 60encryptionCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180015694 Relevance: .2, Instructions: 198COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018001B2F0 Relevance: .2, Instructions: 174COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000741C Relevance: .2, Instructions: 164COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018001629C Relevance: .1, Instructions: 149COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466ABC0 Relevance: .1, Instructions: 131COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 60% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180013698 Relevance: .1, Instructions: 125COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180011DAC Relevance: .1, Instructions: 116COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000D1AC Relevance: .1, Instructions: 115COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180020930 Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000E570 Relevance: .1, Instructions: 98COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180013524 Relevance: .1, Instructions: 92COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180015508 Relevance: .1, Instructions: 86COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180017198 Relevance: .1, Instructions: 84COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018001E614 Relevance: .1, Instructions: 84COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180013B88 Relevance: .1, Instructions: 82COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000BE34 Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180012110 Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001800197AC Relevance: .1, Instructions: 74COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180020D54 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000E828 Relevance: .1, Instructions: 62COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180022B8C Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 000000018000E368 Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180015400 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466AB50 Relevance: .0, Instructions: 32COMMON
C-Code - Quality: 86% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 49% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 48% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466893C Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 489COMMON
C-Code - Quality: 40% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466D8F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466B8D4 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD146728C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14669C24 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466EB68 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466BB14 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 49% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 29% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14661CE0 Relevance: 6.1, APIs: 4, Instructions: 63COMMONLIBRARYCODE
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14661DF0 Relevance: 6.1, APIs: 4, Instructions: 60COMMONLIBRARYCODE
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14671004 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
C-Code - Quality: 56% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14672EB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14673ED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466472C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11COMMONLIBRARYCODE
C-Code - Quality: 37% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 10% |
Dynamic/Decrypted Code Coverage: | 2.3% |
Signature Coverage: | 0% |
Total number of Nodes: | 899 |
Total number of Limit Nodes: | 7 |
Graph
Function 00007FFD14673FB0 Relevance: 2283.0, APIs: 11, Strings: 1292, Instructions: 2747COMMONCrypto
Control-flow Graph
C-Code - Quality: 25% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01F50000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953memoryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
C-Code - Quality: 45% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14662600 Relevance: 9.1, APIs: 6, Instructions: 114COMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14661910 Relevance: 7.6, APIs: 5, Instructions: 59COMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 45% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD146613A0 Relevance: 7.6, APIs: 5, Instructions: 52COMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14679510 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 59memoryCOMMON
Control-flow Graph
C-Code - Quality: 45% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD146612B0 Relevance: 6.1, APIs: 4, Instructions: 51COMMONLIBRARYCODE
Control-flow Graph
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 45% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14673F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 11COMMON
C-Code - Quality: 37% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466A9DC Relevance: 3.0, APIs: 2, Instructions: 19COMMONLIBRARYCODE
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD146622B0 Relevance: 1.6, APIs: 1, Instructions: 57COMMONLIBRARYCODE
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466AAD0 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466AA18 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 44% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14669474 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
C-Code - Quality: 65% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 49% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14673CB0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 97registrywindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 48% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466893C Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 489COMMON
C-Code - Quality: 40% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466D8F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466B8D4 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD146728C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466BA4C Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14669C24 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466EB68 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466BB14 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 49% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 29% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14661CE0 Relevance: 6.1, APIs: 4, Instructions: 63COMMONLIBRARYCODE
C-Code - Quality: 47% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14661DF0 Relevance: 6.1, APIs: 4, Instructions: 60COMMONLIBRARYCODE
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14671004 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
C-Code - Quality: 56% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14672EB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD14673ED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFD1466472C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11COMMONLIBRARYCODE
C-Code - Quality: 37% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 12.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 46 |
Total number of Limit Nodes: | 2 |
Graph
Function 000002735FD40000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 12.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 46 |
Total number of Limit Nodes: | 2 |
Graph
Function 0000018849600000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 17.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 51 |
Total number of Limit Nodes: | 5 |
Graph
Function 01070000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953memoryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000180013CEC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 121registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: | 11.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 41 |
Total number of Limit Nodes: | 3 |
Graph
Function 00CA0000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953memoryCOMMON
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |