Windows
Analysis Report
BiiRGnhWx8.exe
Overview
General Information
Detection
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- loaddll64.exe (PID: 4556 cmdline: loaddll64.exe "C:\Users\user\Desktop\BiiRGnhWx8.dll" MD5: C676FC0263EDD17D4CE7D644B8F3FCD6)
- conhost.exe (PID: 3096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cmd.exe (PID: 5932 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\BiiRGnhWx8.dll",#1 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- rundll32.exe (PID: 3088 cmdline: rundll32.exe "C:\Users\user\Desktop\BiiRGnhWx8.dll",#1 MD5: 73C519F050C20580F8A62C849D49215A)
- regsvr32.exe (PID: 1064 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\JEHCjtepagfsrQz\jHBB.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
- regsvr32.exe (PID: 5104 cmdline: regsvr32.exe /s C:\Users\user\Desktop\BiiRGnhWx8.dll MD5: D78B75FC68247E8A63ACBA846182740E)
- regsvr32.exe (PID: 4684 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\IDqnZePrFBC\qFcZEWbJbr.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
- rundll32.exe (PID: 6088 cmdline: rundll32.exe C:\Users\user\Desktop\BiiRGnhWx8.dll,DllRegisterServer MD5: 73C519F050C20580F8A62C849D49215A)
- regsvr32.exe (PID: 3692 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\HdSKRzl\HIWJamnkzbbhMRYe.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
- regsvr32.exe (PID: 2904 cmdline: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FTRWInMVKbBAM\OqXi.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
- regsvr32.exe (PID: 4520 cmdline: C:\Windows\system32\regsvr32.exe" "C:\Windows\system32\JEHCjtepagfsrQz\jHBB.dll MD5: D78B75FC68247E8A63ACBA846182740E)
- regsvr32.exe (PID: 1792 cmdline: C:\Windows\system32\regsvr32.exe "C:\Users\user\AppData\Local\CFQcAaf\alGqQjfnqeipsC.dll" MD5: D78B75FC68247E8A63ACBA846182740E)
- cleanup
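The process list above is the behavioural core of the report: the sample DLL is invoked through rundll32.exe (ordinal export #1, then DllRegisterServer) and regsvr32.exe, and further regsvr32.exe instances load DLLs with randomised names from freshly created subdirectories of C:\Windows\system32 and from AppData\Local. The following is an added hunting example and not part of the Joe Sandbox report: it encodes that pattern as three rules and runs them over Sysmon-style process-creation records. The records are constructed from the command lines above plus two benign controls; the parent images are an assumption, since the flattened list above does not preserve the tree nesting, and the image fields hold basenames rather than full paths.

```python
"""Hunt for the regsvr32/rundll32 loader chain shown in the process tree.

Added example, not Joe Sandbox code. Events are hand-built from the report's
command lines; parent images are assumed (the tree nesting is not on the page).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str          # basename of the process image (Sysmon EID 1 "Image")
    cmdline: str
    parent_image: str   # basename of the parent image (assumed, see above)


LOADERS = {"regsvr32.exe", "rundll32.exe"}

# First absolute .dll path on the command line, quoted or not, plus the
# optional ",<export>" suffix that rundll32 uses.
DLL_ARG = re.compile(r'"?([A-Za-z]:\\[^",]+?\.dll)"?(?:,(\S+))?', re.IGNORECASE)
# DLL under a user-writable directory (Desktop and AppData\Local both appear above).
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(Desktop|Downloads|AppData\\Local)\\", re.IGNORECASE)
# DLL in a first-level subdirectory of System32, e.g. JEHCjtepagfsrQz\jHBB.dll.
SYS32_SUBDIR = re.compile(
    r"^C:\\Windows\\system32\\[^\\]+\\[^\\]+\.dll$", re.IGNORECASE)
ORDINAL_EXPORT = re.compile(r"^#\d+$")


def dll_from_cmdline(cmdline):
    """Return (dll_path, export) or (None, None) if no absolute DLL path is present."""
    m = DLL_ARG.search(cmdline)
    return (m.group(1), m.group(2)) if m else (None, None)


def evaluate(event):
    """Return the names of the rules the event trips (empty list if none)."""
    if event.image.lower() not in LOADERS:
        return []
    dll, export = dll_from_cmdline(event.cmdline)
    if dll is None:
        return []
    hits = []
    if USER_WRITABLE.search(dll):
        hits.append("loader_dll_from_user_writable_path")
    # Legitimate System32 subdirectories exist, so this rule additionally
    # requires the loader to have been spawned by another loader.
    if SYS32_SUBDIR.match(dll) and event.parent_image.lower() in LOADERS:
        hits.append("loader_chained_into_system32_subdir")
    # An ordinal export (",#1") is a weak signal alone; emit it for correlation.
    if export and ORDINAL_EXPORT.match(export):
        hits.append("rundll32_ordinal_export")
    return hits


def run_hunt(events):
    """Map PID -> rule names for every event that trips at least one rule."""
    findings = {}
    for event in events:
        hits = evaluate(event)
        if hits:
            findings[event.pid] = hits
    return findings


# Constructed events: the report's command lines (PIDs as listed above) and
# two benign controls (7001, 7002) that must not fire.
SAMPLE_EVENTS = [
    ProcEvent(5932, "cmd.exe",
              'cmd.exe /C rundll32.exe "C:\\Users\\user\\Desktop\\BiiRGnhWx8.dll",#1', "loaddll64.exe"),
    ProcEvent(3088, "rundll32.exe",
              'rundll32.exe "C:\\Users\\user\\Desktop\\BiiRGnhWx8.dll",#1', "cmd.exe"),
    ProcEvent(1064, "regsvr32.exe",
              'C:\\Windows\\system32\\regsvr32.exe "C:\\Windows\\system32\\JEHCjtepagfsrQz\\jHBB.dll"', "rundll32.exe"),
    ProcEvent(5104, "regsvr32.exe",
              "regsvr32.exe /s C:\\Users\\user\\Desktop\\BiiRGnhWx8.dll", "loaddll64.exe"),
    ProcEvent(4684, "regsvr32.exe",
              'C:\\Windows\\system32\\regsvr32.exe "C:\\Windows\\system32\\IDqnZePrFBC\\qFcZEWbJbr.dll"', "regsvr32.exe"),
    ProcEvent(6088, "rundll32.exe",
              "rundll32.exe C:\\Users\\user\\Desktop\\BiiRGnhWx8.dll,DllRegisterServer", "loaddll64.exe"),
    ProcEvent(1792, "regsvr32.exe",
              'C:\\Windows\\system32\\regsvr32.exe "C:\\Users\\user\\AppData\\Local\\CFQcAaf\\alGqQjfnqeipsC.dll"', "regsvr32.exe"),
    ProcEvent(7001, "regsvr32.exe", "regsvr32.exe /s C:\\Windows\\System32\\scrrun.dll", "msiexec.exe"),
    ProcEvent(7002, "rundll32.exe", "rundll32.exe shell32.dll,Control_RunDLL", "explorer.exe"),
]

if __name__ == "__main__":
    for pid, hits in run_hunt(SAMPLE_EVENTS).items():
        print(pid, ", ".join(hits))
```

Relative DLL names (the shell32.dll control) are deliberately not inspected, because rundll32 resolves them through the normal search order and they are overwhelmingly benign; the System32-subdirectory rule is gated on the parent being another loader for the same reason, so a single rule firing should be read together with the others before escalating.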
Extracted malware configuration (C2 list, 48 entries):
{"C2 list": ["172.105.115.71:8080", "218.38.121.17:443", "186.250.48.5:443", "103.71.99.57:8080", "85.214.67.203:8080", "85.25.120.45:8080", "139.196.72.155:8080", "103.85.95.4:8080", "198.199.70.22:8080", "209.239.112.82:8080", "78.47.204.80:443", "36.67.23.59:443", "104.244.79.94:443", "62.171.178.147:8080", "195.77.239.39:8080", "103.56.149.105:8080", "80.211.107.116:8080", "93.104.209.107:8080", "174.138.33.49:7080", "202.28.34.99:8080", "178.62.112.199:8080", "114.79.130.68:443", "118.98.72.86:443", "103.41.204.169:8080", "178.238.225.252:8080", "83.229.80.93:8080", "46.101.98.60:8080", "82.98.180.154:7080", "87.106.97.83:7080", "196.44.98.190:8080", "139.59.80.108:8080", "103.224.241.74:8080", "103.254.12.236:7080", "185.148.169.10:8080", "165.22.254.236:8080", "37.44.244.177:8080", "54.37.228.122:443", "51.75.33.122:443", "128.199.217.206:443", "188.165.79.151:443", "210.57.209.142:8080", "160.16.143.191:8080", "175.126.176.79:8080", "202.134.4.210:7080", "103.126.216.86:443", "190.145.8.4:443", "128.199.242.164:8080", "64.227.55.231:8080"]}
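The extracted configuration is the most directly actionable artifact in the report: 48 C2 endpoints on ports 443, 7080 and 8080. The following is an added example, not Joe Sandbox code, that turns a config in that format into a deduplicated blocklist and Suricata rules. The input is a subset of the list above with a few deliberately bad entries appended to exercise the validation; the SID base 9000000 is an arbitrary local-rules choice.

```python
"""Turn an extracted Emotet C2 list into blocklist and IDS artifacts.

Added example, not Joe Sandbox code. SAMPLE_CONFIG is a subset of the report's
C2 list plus constructed bad entries; SID base is an arbitrary local value.
"""
import ipaddress
import json
from collections import Counter

# Subset of the report's extracted configuration, in the extractor's format,
# with constructed junk appended: a duplicate, the sandbox host's own RFC1918
# address, a hostname, and an entry with no port.
SAMPLE_CONFIG = json.dumps({"C2 list": [
    "172.105.115.71:8080", "218.38.121.17:443", "186.250.48.5:443",
    "174.138.33.49:7080", "172.105.115.71:8080",
    "192.168.2.5:80", "not-an-ip:443", "10.0.0.1",
]})


def parse_c2_list(config_json):
    """Return an ordered, deduplicated list of (ip, port) from the extractor JSON.

    Private, loopback and malformed entries are dropped: a config-extractor
    slip that pushed 192.168.2.5 into a firewall blocklist would blackhole the
    analysis network itself. IPv4 only, matching the format above.
    """
    cfg = json.loads(config_json)
    seen, entries = set(), []
    for item in cfg.get("C2 list", []):
        host, sep, port = item.rpartition(":")
        if not sep or not port.isdigit():
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue
        if not ip.is_global:
            continue
        key = (str(ip), int(port))
        if 1 <= key[1] <= 65535 and key not in seen:
            seen.add(key)
            entries.append(key)
    return entries


def port_summary(entries):
    """Count endpoints per port; useful for deciding which egress ports to watch."""
    return dict(Counter(port for _, port in entries))


def to_suricata_rules(entries, sid_base=9000000):
    """One outbound alert rule per endpoint, SIDs allocated sequentially."""
    rules = []
    for n, (ip, port) in enumerate(entries, start=1):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"Emotet C2 {ip}:{port}"; flow:to_server,established; '
            f'classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        )
    return rules


def to_blocklist(entries):
    """Unique IPs in numeric order, one per line when joined."""
    return sorted({ip for ip, _ in entries}, key=ipaddress.ip_address)


if __name__ == "__main__":
    c2 = parse_c2_list(SAMPLE_CONFIG)
    print(port_summary(c2))
    print("\n".join(to_suricata_rules(c2)))
    print("\n".join(to_blocklist(c2)))
```

Blocking by IP alone is short-lived for Emotet, whose tier-1 list rotates between builds, so the rules carry the port as well and the SID range should be reserved in the local rules file rather than reused across reports.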
Source | Rule | Description | Author | Strings
---|---|---|---|---
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
(7 entries; first 5 shown)
Source | Rule | Description | Author | Strings
---|---|---|---|---
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
| JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
(7 entries; first 5 shown)
Timestamp: | 11/13/22-18:17:19.238937 |
Source IP: | 192.168.2.5 |
Destination IP: | 115.178.55.22 |
Source Port: | 49705 |
Destination Port: | 80 |
SID: | 2404304 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Malware Configuration Extractor: |
Source: | Code function: | 0_2_00007FFA0AE79410 | |
Source: | Code function: | 3_2_00007FFA0AE79410 |
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FFA0AE6C334 | |
Source: | Code function: | 3_2_00007FFA0AE6C334 |
Networking |
---|
Source: | Network Connect: | (2 entries) |
Source: | Snort IDS: |
Source: | IPs: | (48 entries) |
Source: | ASN Name: |
Source: | IP Address: | (2 entries) |
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | (15 entries) |
Source: | String found in binary or memory: | (9 entries) |
E-Banking Fraud |
---|
Source: | File source: | (24 entries) |
Source: | File deleted: |
Source: | File created: |
Source: | Code function: | 0_2_00007FFA0AE73FB0 | |
Source: | Code function: | 0_2_00007FFA0AE6A370 | |
Source: | Code function: | 0_2_00007FFA0AE6C334 | |
Source: | Code function: | 0_2_00007FFA0AE6ABC0 | |
Source: | Code function: | 0_2_00007FFA0AE71910 | |
Source: | Code function: | 0_2_0000000180020454 | |
Source: | Code function: | 0_2_0000000180028C94 | |
Source: | Code function: | 0_2_00000001800038A5 | |
Source: | Code function: | 0_2_00000001800248E0 | |
Source: | Code function: | 0_2_0000000180005DB4 | |
Source: | Code function: | 0_2_0000000180004DDC | |
Source: | Code function: | 0_2_000000018000B1E0 | |
Source: | Code function: | 0_2_0000000180009E38 | |
Source: | Code function: | 0_2_0000000180003BE8 | |
Source: | Code function: | 0_2_0000000180009BEC | |
Source: | Code function: | 0_2_00000001800173F8 | |
Source: | Code function: | 0_2_0000000180017BF8 | |
Source: | Code function: | 0_2_0000000180015400 | |
Source: | Code function: | 0_2_0000000180001000 | |
Source: | Code function: | 0_2_000000018000741C | |
Source: | Code function: | 0_2_000000018000E828 | |
Source: | Code function: | 0_2_0000000180002834 | |
Source: | Code function: | 0_2_0000000180014C48 | |
Source: | Code function: | 0_2_000000018002005C | |
Source: | Code function: | 0_2_0000000180016464 | |
Source: | Code function: | 0_2_0000000180005478 | |
Source: | Code function: | 0_2_0000000180006880 | |
Source: | Code function: | 0_2_000000018002748C | |
Source: | Code function: | 0_2_000000018001308C | |
Source: | Code function: | 0_2_0000000180024098 | |
Source: | Code function: | 0_2_000000018001B898 | |
Source: | Code function: | 0_2_000000018000C498 | |
Source: | Code function: | 0_2_0000000180004CA0 | |
Source: | Code function: | 0_2_00000001800110AC | |
Source: | Code function: | 0_2_00000001800148B0 | |
Source: | Code function: | 0_2_00000001800078B6 | |
Source: | Code function: | 0_2_0000000180001CCC | |
Source: | Code function: | 0_2_000000018000B8D0 | |
Source: | Code function: | 0_2_00000001800198DC | |
Source: | Code function: | 0_2_00000001800038DC | |
Source: | Code function: | 0_2_00000001800264F8 | |
Source: | Code function: | 0_2_00000001800084F8 | |
Source: | Code function: | 0_2_000000018000BD00 | |
Source: | Code function: | 0_2_0000000180015508 | |
Source: | Code function: | 0_2_0000000180018D0C | |
Source: | Code function: | 0_2_0000000180012110 | |
Source: | Code function: | 0_2_000000018001B520 | |
Source: | Code function: | 0_2_0000000180029124 | |
Source: | Code function: | 0_2_0000000180013524 | |
Source: | Code function: | 0_2_0000000180009D24 | |
Source: | Code function: | 0_2_0000000180023D28 | |
Source: | Code function: | 0_2_0000000180002128 | |
Source: | Code function: | 0_2_0000000180020930 | |
Source: | Code function: | 0_2_0000000180009144 | |
Source: | Code function: | 0_2_000000018001F550 | |
Source: | Code function: | 0_2_0000000180020D54 | |
Source: | Code function: | 0_2_0000000180010954 | |
Source: | Code function: | 0_2_0000000180018560 | |
Source: | Code function: | 0_2_000000018000E570 | |
Source: | Code function: | 0_2_000000018001C974 | |
Source: | Code function: | 0_2_000000018000F174 | |
Source: | Code function: | 0_2_0000000180025D84 | |
Source: | Code function: | 0_2_0000000180005590 | |
Source: | Code function: | 0_2_0000000180017198 | |
Source: | Code function: | 0_2_00000001800159A0 | |
Source: | Code function: | 0_2_0000000180011DAC | |
Source: | Code function: | 0_2_000000018000D1AC | |
Source: | Code function: | 0_2_00000001800069C0 | |
Source: | Code function: | 0_2_000000018000A1D4 | |
Source: | Code function: | 0_2_00000001800079D8 | |
Source: | Code function: | 0_2_000000018001C1DC | |
Source: | Code function: | 0_2_000000018000D1E0 | |
Source: | Code function: | 0_2_00000001800199E8 | |
Source: | Code function: | 0_2_00000001800099EC | |
Source: | Code function: | 0_2_0000000180028A04 | |
Source: | Code function: | 0_2_000000018001FA08 | |
Source: | Code function: | 0_2_000000018001E614 | |
Source: | Code function: | 0_2_0000000180001A1C | |
Source: | Code function: | 0_2_000000018000BA24 | |
Source: | Code function: | 0_2_0000000180021A2C | |
Source: | Code function: | 0_2_0000000180019230 | |
Source: | Code function: | 0_2_000000018000BE34 | |
Source: | Code function: | 0_2_0000000180012244 | |
Source: | Code function: | 0_2_0000000180006650 | |
Source: | Code function: | 0_2_0000000180001660 | |
Source: | Code function: | 0_2_0000000180011664 | |
Source: | Code function: | 0_2_000000018001827C | |
Source: | Code function: | 0_2_0000000180024680 | |
Source: | Code function: | 0_2_0000000180022A84 | |
Source: | Code function: | 0_2_000000018000AE84 | |
Source: | Code function: | 0_2_0000000180028690 | |
Source: | Code function: | 0_2_0000000180015694 | |
Source: | Code function: | 0_2_0000000180007694 | |
Source: | Code function: | 0_2_0000000180013698 | |
Source: | Code function: | 0_2_0000000180009298 | |
Source: | Code function: | 0_2_000000018002629C | |
Source: | Code function: | 0_2_000000018001629C | |
Source: | Code function: | 0_2_000000018000569C | |
Source: | Code function: | 0_2_0000000180027EA4 | |
Source: | Code function: | 0_2_00000001800096B8 | |
Source: | Code function: | 0_2_000000018000EAC4 | |
Source: | Code function: | 0_2_0000000180018ECC | |
Source: | Code function: | 0_2_000000018001B2F0 | |
Source: | Code function: | 0_2_0000000180007AF0 | |
Source: | Code function: | 0_2_000000018000E708 | |
Source: | Code function: | 0_2_0000000180010310 | |
Source: | Code function: | 0_2_0000000180015B18 | |
Source: | Code function: | 0_2_000000018000871C | |
Source: | Code function: | 0_2_0000000180021728 | |
Source: | Code function: | 0_2_000000018001D32C | |
Source: | Code function: | 0_2_000000018001CF30 | |
Source: | Code function: | 0_2_0000000180015334 | |
Source: | Code function: | 0_2_000000018000A734 | |
Source: | Code function: | 0_2_0000000180027348 | |
Source: | Code function: | 0_2_0000000180004B4C | |
Source: | Code function: | 0_2_0000000180001B5C | |
Source: | Code function: | 0_2_0000000180006B5C | |
Source: | Code function: | 0_2_0000000180001364 | |
Source: | Code function: | 0_2_000000018000FF64 | |
Source: | Code function: | 0_2_000000018000C364 | |
Source: | Code function: | 0_2_000000018000E368 | |
Source: | Code function: | 0_2_000000018001E76C | |
Source: | Code function: | 0_2_0000000180018778 | |
Source: | Code function: | 0_2_0000000180012780 | |
Source: | Code function: | 0_2_000000018001FB88 | |
Source: | Code function: | 0_2_0000000180013B88 | |
Source: | Code function: | 0_2_0000000180022B8C | |
Source: | Code function: | 0_2_000000018000CB8D | |
Source: | Code function: | 0_2_0000000180008FA0 | |
Source: | Code function: | 0_2_0000000180014FA4 | |
Source: | Code function: | 0_2_00000001800197AC | |
Source: | Code function: | 0_2_00000001800257B4 | |
Source: | Code function: | 0_2_0000000180013FE0 | |
Source: | Code function: | 0_2_000000018000F3E0 | |
Source: | Code function: | 0_2_00000239F38C0000 | |
Source: | Code function: | 3_2_00007FFA0AE73FB0 | |
Source: | Code function: | 3_2_00007FFA0AE6A370 | |
Source: | Code function: | 3_2_00007FFA0AE6C334 | |
Source: | Code function: | 3_2_00007FFA0AE6ABC0 | |
Source: | Code function: | 3_2_00007FFA0AE71910 | |
Source: | Code function: | 3_2_00800000 | |
Source: | Code function: | 3_2_0000000180020454 | |
Source: | Code function: | 3_2_0000000180028C94 | |
Source: | Code function: | 3_2_00000001800038A5 | |
Source: | Code function: | 3_2_00000001800248E0 | |
Source: | Code function: | 3_2_0000000180005DB4 | |
Source: | Code function: | 3_2_0000000180004DDC | |
Source: | Code function: | 3_2_000000018000B1E0 | |
Source: | Code function: | 3_2_0000000180009E38 | |
Source: | Code function: | 3_2_0000000180003BE8 | |
Source: | Code function: | 3_2_0000000180009BEC | |
Source: | Code function: | 3_2_00000001800173F8 | |
Source: | Code function: | 3_2_0000000180017BF8 | |
Source: | Code function: | 3_2_0000000180015400 | |
Source: | Code function: | 3_2_0000000180001000 | |
Source: | Code function: | 3_2_000000018000741C | |
Source: | Code function: | 3_2_000000018000E828 | |
Source: | Code function: | 3_2_0000000180002834 | |
Source: | Code function: | 3_2_0000000180014C48 | |
Source: | Code function: | 3_2_000000018002005C | |
Source: | Code function: | 3_2_0000000180016464 | |
Source: | Code function: | 3_2_0000000180005478 | |
Source: | Code function: | 3_2_0000000180006880 | |
Source: | Code function: | 3_2_000000018002748C | |
Source: | Code function: | 3_2_000000018001308C | |
Source: | Code function: | 3_2_0000000180024098 | |
Source: | Code function: | 3_2_000000018001B898 | |
Source: | Code function: | 3_2_000000018000C498 | |
Source: | Code function: | 3_2_0000000180004CA0 | |
Source: | Code function: | 3_2_00000001800110AC | |
Source: | Code function: | 3_2_00000001800148B0 | |
Source: | Code function: | 3_2_00000001800078B6 | |
Source: | Code function: | 3_2_0000000180001CCC | |
Source: | Code function: | 3_2_000000018000B8D0 | |
Source: | Code function: | 3_2_00000001800198DC | |
Source: | Code function: | 3_2_00000001800038DC | |
Source: | Code function: | 3_2_00000001800264F8 | |
Source: | Code function: | 3_2_00000001800084F8 | |
Source: | Code function: | 3_2_000000018000BD00 | |
Source: | Code function: | 3_2_0000000180015508 | |
Source: | Code function: | 3_2_0000000180018D0C | |
Source: | Code function: | 3_2_0000000180012110 | |
Source: | Code function: | 3_2_000000018001B520 | |
Source: | Code function: | 3_2_0000000180029124 | |
Source: | Code function: | 3_2_0000000180013524 | |
Source: | Code function: | 3_2_0000000180009D24 | |
Source: | Code function: | 3_2_0000000180023D28 | |
Source: | Code function: | 3_2_0000000180002128 | |
Source: | Code function: | 3_2_0000000180020930 | |
Source: | Code function: | 3_2_0000000180009144 | |
Source: | Code function: | 3_2_000000018001F550 | |
Source: | Code function: | 3_2_0000000180020D54 | |
Source: | Code function: | 3_2_0000000180010954 | |
Source: | Code function: | 3_2_0000000180018560 | |
Source: | Code function: | 3_2_000000018000E570 | |
Source: | Code function: | 3_2_000000018001C974 | |
Source: | Code function: | 3_2_000000018000F174 | |
Source: | Code function: | 3_2_0000000180025D84 | |
Source: | Code function: | 3_2_0000000180005590 | |
Source: | Code function: | 3_2_0000000180017198 | |
Source: | Code function: | 3_2_00000001800159A0 | |
Source: | Code function: | 3_2_0000000180011DAC | |
Source: | Code function: | 3_2_000000018000D1AC | |
Source: | Code function: | 3_2_00000001800069C0 | |
Source: | Code function: | 3_2_000000018000A1D4 | |
Source: | Code function: | 3_2_00000001800079D8 | |
Source: | Code function: | 3_2_000000018001C1DC | |
Source: | Code function: | 3_2_000000018000D1E0 | |
Source: | Code function: | 3_2_00000001800199E8 | |
Source: | Code function: | 3_2_00000001800099EC | |
Source: | Code function: | 3_2_0000000180028A04 | |
Source: | Code function: | 3_2_000000018001FA08 | |
Source: | Code function: | 3_2_000000018001E614 | |
Source: | Code function: | 3_2_0000000180001A1C | |
Source: | Code function: | 3_2_000000018000BA24 | |
Source: | Code function: | 3_2_0000000180021A2C | |
Source: | Code function: | 3_2_0000000180019230 | |
Source: | Code function: | 3_2_000000018000BE34 | |
Source: | Code function: | 3_2_0000000180012244 | |
Source: | Code function: | 3_2_0000000180006650 | |
Source: | Code function: | 3_2_0000000180001660 | |
Source: | Code function: | 3_2_0000000180011664 | |
Source: | Code function: | 3_2_000000018001827C | |
Source: | Code function: | 3_2_0000000180024680 | |
Source: | Code function: | 3_2_0000000180022A84 | |
Source: | Code function: | 3_2_000000018000AE84 | |
Source: | Code function: | 3_2_0000000180028690 | |
Source: | Code function: | 3_2_0000000180015694 | |
Source: | Code function: | 3_2_0000000180007694 | |
Source: | Code function: | 3_2_0000000180013698 | |
Source: | Code function: | 3_2_0000000180009298 | |
Source: | Code function: | 3_2_000000018002629C | |
Source: | Code function: | 3_2_000000018001629C | |
Source: | Code function: | 3_2_000000018000569C | |
Source: | Code function: | 3_2_0000000180027EA4 | |
Source: | Code function: | 3_2_00000001800096B8 | |
Source: | Code function: | 3_2_000000018000EAC4 | |
Source: | Code function: | 3_2_0000000180018ECC | |
Source: | Code function: | 3_2_000000018001B2F0 | |
Source: | Code function: | 3_2_0000000180007AF0 | |
Source: | Code function: | 3_2_000000018000E708 | |
Source: | Code function: | 3_2_0000000180010310 | |
Source: | Code function: | 3_2_0000000180015B18 | |
Source: | Code function: | 3_2_000000018000871C | |
Source: | Code function: | 3_2_0000000180021728 | |
Source: | Code function: | 3_2_000000018001D32C | |
Source: | Code function: | 3_2_000000018001CF30 | |
Source: | Code function: | 3_2_0000000180015334 | |
Source: | Code function: | 3_2_000000018000A734 | |
Source: | Code function: | 3_2_0000000180027348 | |
Source: | Code function: | 3_2_0000000180004B4C | |
Source: | Code function: | 3_2_0000000180001B5C | |
Source: | Code function: | 3_2_0000000180006B5C | |
Source: | Code function: | 3_2_0000000180001364 | |
Source: | Code function: | 3_2_000000018000FF64 | |
Source: | Code function: | 3_2_000000018000C364 | |
Source: | Code function: | 3_2_000000018000E368 | |
Source: | Code function: | 3_2_000000018001E76C | |
Source: | Code function: | 3_2_0000000180018778 | |
Source: | Code function: | 3_2_0000000180012780 | |
Source: | Code function: | 3_2_000000018001FB88 | |
Source: | Code function: | 3_2_0000000180013B88 | |
Source: | Code function: | 3_2_0000000180022B8C | |
Source: | Code function: | 3_2_000000018000CB8D | |
Source: | Code function: | 3_2_0000000180008FA0 | |
Source: | Code function: | 3_2_0000000180014FA4 | |
Source: | Code function: | 3_2_00000001800197AC | |
Source: | Code function: | 3_2_00000001800257B4 | |
Source: | Code function: | 3_2_0000000180013FE0 | |
Source: | Code function: | 3_2_000000018000F3E0 | |
Source: | Code function: | 4_2_0000000180020454 | |
Source: | Code function: | 4_2_0000000180028C94 | |
Source: | Code function: | 4_2_00000001800038A5 | |
Source: | Code function: | 4_2_00000001800248E0 | |
Source: | Code function: | 4_2_0000000180009144 | |
Source: | Code function: | 4_2_0000000180005DB4 | |
Source: | Code function: | 4_2_0000000180004DDC | |
Source: | Code function: | 4_2_000000018000B1E0 | |
Source: | Code function: | 4_2_0000000180009E38 | |
Source: | Code function: | 4_2_0000000180003BE8 | |
Source: | Code function: | 4_2_0000000180009BEC | |
Source: | Code function: | 4_2_00000001800173F8 | |
Source: | Code function: | 4_2_0000000180017BF8 | |
Source: | Code function: | 4_2_0000000180015400 | |
Source: | Code function: | 4_2_0000000180001000 | |
Source: | Code function: | 4_2_000000018000741C | |
Source: | Code function: | 4_2_000000018000E828 | |
Source: | Code function: | 4_2_0000000180002834 | |
Source: | Code function: | 4_2_0000000180014C48 | |
Source: | Code function: | 4_2_000000018002005C | |
Source: | Code function: | 4_2_0000000180016464 | |
Source: | Code function: | 4_2_0000000180005478 | |
Source: | Code function: | 4_2_0000000180006880 | |
Source: | Code function: | 4_2_000000018002748C | |
Source: | Code function: | 4_2_000000018001308C | |
Source: | Code function: | 4_2_0000000180024098 | |
Source: | Code function: | 4_2_000000018001B898 | |
Source: | Code function: | 4_2_000000018000C498 | |
Source: | Code function: | 4_2_0000000180004CA0 | |
Source: | Code function: | 4_2_00000001800110AC | |
Source: | Code function: | 4_2_00000001800148B0 | |
Source: | Code function: | 4_2_00000001800078B6 | |
Source: | Code function: | 4_2_0000000180001CCC | |
Source: | Code function: | 4_2_000000018000B8D0 | |
Source: | Code function: | 4_2_00000001800198DC | |
Source: | Code function: | 4_2_00000001800038DC | |
Source: | Code function: | 4_2_00000001800264F8 | |
Source: | Code function: | 4_2_00000001800084F8 | |
Source: | Code function: | 4_2_000000018000BD00 | |
Source: | Code function: | 4_2_0000000180015508 | |
Source: | Code function: | 4_2_0000000180018D0C | |
Source: | Code function: | 4_2_0000000180012110 | |
Source: | Code function: | 4_2_000000018001B520 | |
Source: | Code function: | 4_2_0000000180029124 | |
Source: | Code function: | 4_2_0000000180013524 | |
Source: | Code function: | 4_2_0000000180009D24 | |
Source: | Code function: | 4_2_0000000180023D28 | |
Source: | Code function: | 4_2_0000000180002128 | |
Source: | Code function: | 4_2_0000000180020930 | |
Source: | Code function: | 4_2_000000018001F550 | |
Source: | Code function: | 4_2_0000000180020D54 | |
Source: | Code function: | 4_2_0000000180010954 | |
Source: | Code function: | 4_2_0000000180018560 | |
Source: | Code function: | 4_2_000000018000E570 | |
Source: | Code function: | 4_2_000000018001C974 | |
Source: | Code function: | 4_2_000000018000F174 | |
Source: | Code function: | 4_2_0000000180025D84 | |
Source: | Code function: | 4_2_0000000180005590 | |
Source: | Code function: | 4_2_0000000180017198 | |
Source: | Code function: | 4_2_00000001800159A0 | |
Source: | Code function: | 4_2_0000000180011DAC | |
Source: | Code function: | 4_2_000000018000D1AC | |
Source: | Code function: | 4_2_00000001800069C0 | |
Source: | Code function: | 4_2_000000018000A1D4 | |
Source: | Code function: | 4_2_00000001800079D8 | |
Source: | Code function: | 4_2_000000018001C1DC | |
Source: | Code function: | 4_2_000000018000D1E0 | |
Source: | Code function: | 4_2_00000001800199E8 | |
Source: | Code function: | 4_2_00000001800099EC | |
Source: | Code function: | 4_2_0000000180028A04 | |
Source: | Code function: | 4_2_000000018001FA08 | |
Source: | Code function: | 4_2_000000018001E614 | |
Source: | Code function: | 4_2_0000000180001A1C | |
Source: | Code function: | 4_2_000000018000BA24 | |
Source: | Code function: | 4_2_0000000180021A2C | |
Source: | Code function: | 4_2_0000000180019230 | |
Source: | Code function: | 4_2_000000018000BE34 | |
Source: | Code function: | 4_2_0000000180012244 | |
Source: | Code function: | 4_2_0000000180006650 | |
Source: | Code function: | 4_2_0000000180001660 | |
Source: | Code function: | 4_2_0000000180011664 | |
Source: | Code function: | 4_2_000000018001827C | |
Source: | Code function: | 4_2_0000000180024680 | |
Source: | Code function: | 4_2_0000000180022A84 | |
Source: | Code function: | 4_2_000000018000AE84 | |
Source: | Code function: | 4_2_0000000180028690 | |
Source: | Code function: | 4_2_0000000180015694 | |
Source: | Code function: | 4_2_0000000180007694 | |
Source: | Code function: | 4_2_0000000180013698 | |
Source: | Code function: | 4_2_0000000180009298 | |
Source: | Code function: | 4_2_000000018002629C | |
Source: | Code function: | 4_2_000000018001629C | |
Source: | Code function: | 4_2_000000018000569C | |
Source: | Code function: | 4_2_0000000180027EA4 | |
Source: | Code function: | 4_2_00000001800096B8 | |
Source: | Code function: | 4_2_000000018000EAC4 | |
Source: | Code function: | 4_2_0000000180018ECC | |
Source: | Code function: | 4_2_000000018001B2F0 | |
Source: | Code function: | 4_2_0000000180007AF0 | |
Source: | Code function: | 4_2_000000018000E708 | |
Source: | Code function: | 4_2_0000000180010310 | |
Source: | Code function: | 4_2_0000000180015B18 | |
Source: | Code function: | 4_2_000000018000871C | |
Source: | Code function: | 4_2_0000000180021728 | |
Source: | Code function: | 4_2_000000018001D32C | |
Source: | Code function: | 4_2_000000018001CF30 | |
Source: | Code function: | 4_2_0000000180015334 | |
Source: | Code function: | 4_2_000000018000A734 | |
Source: | Code function: | 4_2_0000000180027348 | |
Source: | Code function: | 4_2_0000000180004B4C | |
Source: | Code function: | 4_2_0000000180006B5C | |
Source: | Code function: | 4_2_0000000180001B5C | |
Source: | Code function: | 4_2_0000000180001364 | |
Source: | Code function: | 4_2_000000018000FF64 | |
Source: | Code function: | 4_2_000000018000C364 | |
Source: | Code function: | 4_2_000000018000E368 | |
Source: | Code function: | 4_2_000000018001E76C | |
Source: | Code function: | 4_2_0000000180018778 | |
Source: | Code function: | 4_2_0000000180012780 | |
Source: | Code function: | 4_2_000000018001FB88 | |
Source: | Code function: | 4_2_0000000180013B88 | |
Source: | Code function: | 4_2_0000000180022B8C | |
Source: | Code function: | 4_2_000000018000CB8D | |
Source: | Code function: | 4_2_0000000180008FA0 | |
Source: | Code function: | 4_2_0000000180014FA4 | |
Source: | Code function: | 4_2_00000001800197AC | |
Source: | Code function: | 4_2_00000001800257B4 | |
Source: | Code function: | 4_2_0000000180013FE0 | |
Source: | Code function: | 4_2_000000018000F3E0 | |
Source: | Code function: | 4_2_00000190E8E40000 | |
Source: | Code function: | 5_2_0000000180020454 | |
Source: | Code function: | 5_2_0000000180028C94 | |
Source: | Code function: | 5_2_00000001800038A5 | |
Source: | Code function: | 5_2_00000001800248E0 | |
Source: | Code function: | 5_2_0000000180005DB4 | |
Source: | Code function: | 5_2_0000000180004DDC | |
Source: | Code function: | 5_2_000000018000B1E0 | |
Source: | Code function: | 5_2_0000000180009E38 | |
Source: | Code function: | 5_2_0000000180003BE8 | |
Source: | Code function: | 5_2_0000000180009BEC | |
Source: | Code function: | 5_2_00000001800173F8 | |
Source: | Code function: | 5_2_0000000180017BF8 | |
Source: | Code function: | 5_2_0000000180015400 | |
Source: | Code function: | 5_2_0000000180001000 | |
Source: | Code function: | 5_2_000000018000741C | |
Source: | Code function: | 5_2_000000018000E828 | |
Source: | Code function: | 5_2_0000000180002834 | |
Source: | Code function: | 5_2_0000000180014C48 | |
Source: | Code function: | 5_2_000000018002005C | |
Source: | Code function: | 5_2_0000000180016464 | |
Source: | Code function: | 5_2_0000000180005478 | |
Source: | Code function: | 5_2_0000000180006880 | |
Source: | Code function: | 5_2_000000018002748C | |
Source: | Code function: | 5_2_000000018001308C | |
Source: | Code function: | 5_2_0000000180024098 | |
Source: | Code function: | 5_2_000000018001B898 | |
Source: | Code function: | 5_2_000000018000C498 | |
Source: | Code function: | 5_2_0000000180004CA0 | |
Source: | Code function: | 5_2_00000001800110AC | |
Source: | Code function: | 5_2_00000001800148B0 | |
Source: | Code function: | 5_2_00000001800078B6 | |
Source: | Code function: | 5_2_0000000180001CCC | |
Source: | Code function: | 5_2_000000018000B8D0 | |
Source: | Code function: | 5_2_00000001800198DC | |
Source: | Code function: | 5_2_00000001800038DC | |
Source: | Code function: | 5_2_00000001800264F8 | |
Source: | Code function: | 5_2_00000001800084F8 | |
Source: | Code function: | 5_2_000000018000BD00 | |
Source: | Code function: | 5_2_0000000180015508 | |
Source: | Code function: | 5_2_0000000180018D0C | |
Source: | Code function: | 5_2_0000000180012110 | |
Source: | Code function: | 5_2_000000018001B520 | |
Source: | Code function: | 5_2_0000000180029124 | |
Source: | Code function: | 5_2_0000000180013524 | |
Source: | Code function: | 5_2_0000000180009D24 | |
Source: | Code function: | 5_2_0000000180023D28 | |
Source: | Code function: | 5_2_0000000180002128 | |
Source: | Code function: | 5_2_0000000180020930 | |
Source: | Code function: | 5_2_0000000180009144 | |
Source: | Code function: | 5_2_000000018001F550 | |
Source: | Code function: | 5_2_0000000180020D54 | |
Source: | Code function: | 5_2_0000000180010954 | |
Source: | Code function: | 5_2_0000000180018560 | |
Source: | Code function: | 5_2_000000018000E570 | |
Source: | Code function: | 5_2_000000018001C974 | |
Source: | Code function: | 5_2_000000018000F174 | |
Source: | Code function: | 5_2_0000000180025D84 | |
Source: | Code function: | 5_2_0000000180005590 | |
Source: | Code function: | 5_2_0000000180017198 | |
Source: | Code function: | 5_2_00000001800159A0 | |
Source: | Code function: | 5_2_0000000180011DAC | |
Source: | Code function: | 5_2_000000018000D1AC | |
Source: | Code function: | 5_2_00000001800069C0 | |
Source: | Code function: | 5_2_000000018000A1D4 | |
Source: | Code function: | 5_2_00000001800079D8 | |
Source: | Code function: | 5_2_000000018001C1DC | |
Source: | Code function: | 5_2_000000018000D1E0 | |
Source: | Code function: | 5_2_00000001800199E8 | |
Source: | Code function: | 5_2_00000001800099EC | |
Source: | Code function: | 5_2_0000000180028A04 | |
Source: | Code function: | 5_2_000000018001FA08 | |
Source: | Code function: | 5_2_000000018001E614 | |
Source: | Code function: | 5_2_0000000180001A1C | |
Source: | Code function: | 5_2_000000018000BA24 | |
Source: | Code function: | 5_2_0000000180021A2C | |
Source: | Code function: | 5_2_0000000180019230 | |
Source: | Code function: | 5_2_000000018000BE34 | |
Source: | Code function: | 5_2_0000000180012244 | |
Source: | Code function: | 5_2_0000000180006650 | |
Source: | Code function: | 5_2_0000000180001660 | |
Source: | Code function: | 5_2_0000000180011664 | |
Source: | Code function: | 5_2_000000018001827C | |
Source: | Code function: | 5_2_0000000180024680 | |
Source: | Code function: | 5_2_0000000180022A84 | |
Source: | Code function: | 5_2_000000018000AE84 | |
Source: | Code function: | 5_2_0000000180028690 | |
Source: | Code function: | 5_2_0000000180015694 | |
Source: | Code function: | 5_2_0000000180007694 | |
Source: | Code function: | 5_2_0000000180013698 | |
Source: | Code function: | 5_2_0000000180009298 | |
Source: | Code function: | 5_2_000000018002629C | |
Source: | Code function: | 5_2_000000018001629C | |
Source: | Code function: | 5_2_000000018000569C | |
Source: | Code function: | 5_2_0000000180027EA4 | |
Source: | Code function: | 5_2_00000001800096B8 | |
Source: | Code function: | 5_2_000000018000EAC4 | |
Source: | Code function: | 5_2_0000000180018ECC | |
Source: | Code function: | 5_2_000000018001B2F0 | |
Source: | Code function: | 5_2_0000000180007AF0 | |
Source: | Code function: | 5_2_000000018000E708 |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 0_2_00007FFA0AE73CB0 |
Source: | File read: | Jump to behavior |
Source: | Code function: | 0_2_0000000180005DB4 |
Source: | Process created: |
Source: | Mutant created: |
Source: | File read: | Jump to behavior |
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00007FFA0AE68384 | |
Source: | Code function: | 0_2_00007FFA0AE68912 | |
Source: | Code function: | 0_2_000000018001E0DD | |
Source: | Code function: | 0_2_000000018001E0F1 | |
Source: | Code function: | 0_2_0000000180023128 | |
Source: | Code function: | 0_2_000000018001E5C7 | |
Source: | Code function: | 0_2_0000000180022E56 | |
Source: | Code function: | 0_2_0000000180023A86 | |
Source: | Code function: | 0_2_0000000180022F64 | |
Source: | Code function: | 0_2_000000018000838E | |
Source: | Code function: | 3_2_00007FFA0AE68384 | |
Source: | Code function: | 3_2_00007FFA0AE68912 | |
Source: | Code function: | 3_2_000000018001E0DD | |
Source: | Code function: | 3_2_000000018001E0F1 | |
Source: | Code function: | 3_2_0000000180023128 | |
Source: | Code function: | 3_2_000000018001E5C7 | |
Source: | Code function: | 3_2_0000000180022E56 | |
Source: | Code function: | 3_2_0000000180023A86 | |
Source: | Code function: | 3_2_0000000180022F64 | |
Source: | Code function: | 3_2_000000018000838E | |
Source: | Code function: | 4_2_000000018001E0DD | |
Source: | Code function: | 4_2_000000018001E0F1 | |
Source: | Code function: | 4_2_0000000180023128 | |
Source: | Code function: | 4_2_000000018001E5C7 | |
Source: | Code function: | 4_2_0000000180022E56 | |
Source: | Code function: | 4_2_0000000180023A86 | |
Source: | Code function: | 4_2_0000000180022F64 | |
Source: | Code function: | 4_2_000000018000838E | |
Source: | Code function: | 5_2_000000018001E0DD | |
Source: | Code function: | 5_2_000000018001E0F1 | |
Source: | Code function: | 5_2_0000000180023128 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process created: |
Source: | PE file moved: | Jump to behavior |
Boot Survival |
---|
Source: | Registry value created or modified: | Jump to behavior |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | API coverage: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_00007FFA0AE6C334 | |
Source: | Code function: | 3_2_00007FFA0AE6C334 |
Source: | File Volume queried: | Jump to behavior | ||
Source: | File Volume queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00007FFA0AE69474 |
Source: | Code function: | 0_2_00007FFA0AE6DD90 |
Source: | Code function: | 0_2_00007FFA0AE63AD0 | |
Source: | Code function: | 0_2_00007FFA0AE69474 | |
Source: | Code function: | 0_2_00007FFA0AE64944 | |
Source: | Code function: | 3_2_00007FFA0AE63AD0 | |
Source: | Code function: | 3_2_00007FFA0AE69474 | |
Source: | Code function: | 3_2_00007FFA0AE64944 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_00007FFA0AE6AB50 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 0_2_00007FFA0AE64A94 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | 11 Registry Run Keys / Startup Folder | 111 Process Injection | 21 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 11 Registry Run Keys / Startup Folder | 1 Virtualization/Sandbox Evasion | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 111 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Hidden Files and Directories | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Regsvr32 | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Rundll32 | DCSync | 24 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 File Deletion | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
44% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1215461 | Download File | ||
100% | Avira | HEUR/AGEN.1215461 | Download File | ||
100% | Avira | HEUR/AGEN.1215461 | Download File | ||
100% | Avira | HEUR/AGEN.1215461 | Download File | ||
100% | Avira | HEUR/AGEN.1215461 | Download File | ||
100% | Avira | HEUR/AGEN.1215461 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.105.115.71 | unknown | United States | 63949 | LINODE-APLinodeLLCUS | true | |
188.165.79.151 | unknown | France | 16276 | OVHFR | true | |
196.44.98.190 | unknown | Ghana | 327814 | EcobandGH | true | |
174.138.33.49 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true | |
36.67.23.59 | unknown | Indonesia | 17974 | TELKOMNET-AS2-APPTTelekomunikasiIndonesiaID | true | |
103.41.204.169 | unknown | Indonesia | 58397 | INFINYS-AS-IDPTInfinysSystemIndonesiaID | true | |
85.214.67.203 | unknown | Germany | 6724 | STRATOSTRATOAGDE | true | |
83.229.80.93 | unknown | United Kingdom | 8513 | SKYVISIONGB | true | |
198.199.70.22 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true | |
93.104.209.107 | unknown | Germany | 8767 | MNET-ASGermanyDE | true | |
186.250.48.5 | unknown | Brazil | 262807 | RedfoxTelecomunicacoesLtdaBR | true | |
209.239.112.82 | unknown | United States | 30083 | AS-30083-GO-DADDY-COM-LLCUS | true | |
175.126.176.79 | unknown | Korea Republic of | 9523 | MOKWON-AS-KRMokwonUniversityKR | true | |
128.199.242.164 | unknown | United Kingdom | 14061 | DIGITALOCEAN-ASNUS | true | |
178.238.225.252 | unknown | Germany | 51167 | CONTABODE | true | |
46.101.98.60 | unknown | Netherlands | 14061 | DIGITALOCEAN-ASNUS | true | |
190.145.8.4 | unknown | Colombia | 14080 | TelmexColombiaSACO | true | |
82.98.180.154 | unknown | Spain | 42612 | DINAHOSTING-ASES | true | |
103.71.99.57 | unknown | India | 135682 | AWDHPL-AS-INAdvikaWebDevelopmentsHostingPvtLtdIN | true | |
87.106.97.83 | unknown | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true | |
103.254.12.236 | unknown | Viet Nam | 56151 | DIGISTAR-VNDigiStarCompanyLimitedVN | true | |
103.85.95.4 | unknown | Indonesia | 136077 | IDNIC-UNSRAT-AS-IDUniversitasIslamNegeriMataramID | true | |
202.134.4.210 | unknown | Indonesia | 7713 | TELKOMNET-AS-APPTTelekomunikasiIndonesiaID | true | |
165.22.254.236 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true | |
78.47.204.80 | unknown | Germany | 24940 | HETZNER-ASDE | true | |
118.98.72.86 | unknown | Indonesia | 7713 | TELKOMNET-AS-APPTTelekomunikasiIndonesiaID | true | |
139.59.80.108 | unknown | Singapore | 14061 | DIGITALOCEAN-ASNUS | true | |
104.244.79.94 | unknown | United States | 53667 | PONYNETUS | true | |
37.44.244.177 | unknown | Germany | 47583 | AS-HOSTINGERLT | true | |
51.75.33.122 | unknown | France | 16276 | OVHFR | true | |
160.16.143.191 | unknown | Japan | 9370 | SAKURA-BSAKURAInternetIncJP | true | |
103.56.149.105 | unknown | Indonesia | 55688 | BEON-AS-IDPTBeonIntermediaID | true | |
85.25.120.45 | unknown | Germany | 8972 | GD-EMEA-DC-SXB1DE | true | |
139.196.72.155 | unknown | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | true | |
115.178.55.22 | unknown | Indonesia | 38783 | SIMAYA-AS-IDPTSimayaJejaringMandiriID | true | |
103.126.216.86 | unknown | Bangladesh | 138482 | SKYVIEW-AS-APSKYVIEWONLINELTDBD | true | |
128.199.217.206 | unknown | United Kingdom | 14061 | DIGITALOCEAN-ASNUS | true | |
114.79.130.68 | unknown | India | 45769 | DVOIS-IND-VoisBroadbandPvtLtdIN | true | |
103.224.241.74 | unknown | India | 133296 | WEBWERKS-AS-INWebWerksIndiaPvtLtdIN | true | |
210.57.209.142 | unknown | Indonesia | 38142 | UNAIR-AS-IDUniversitasAirlanggaID | true | |
202.28.34.99 | unknown | Thailand | 9562 | MSU-TH-APMahasarakhamUniversityTH | true | |
80.211.107.116 | unknown | Italy | 31034 | ARUBA-ASNIT | true | |
54.37.228.122 | unknown | France | 16276 | OVHFR | true | |
218.38.121.17 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true | |
185.148.169.10 | unknown | Germany | 44780 | EVERSCALE-ASDE | true | |
195.77.239.39 | unknown | Spain | 60493 | FICOSA-ASES | true | |
178.62.112.199 | unknown | European Union | 14061 | DIGITALOCEAN-ASNUS | true | |
62.171.178.147 | unknown | United Kingdom | 51167 | CONTABODE | true | |
64.227.55.231 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 745045 |
Start date and time: | 2022-11-13 18:15:39 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | BiiRGnhWx8.exe (renamed file extension from exe to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal84.troj.evad.winDLL@21/2@0/49 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 209.197.3.8
- Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, wu-bg-shim.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information.
- Report creation exceeded the maximum time and may be missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
18:17:20 | API Interceptor | |
18:17:38 | Autostart |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
172.105.115.71 | Get hash | malicious | Browse | ||
188.165.79.151 | Get hash | malicious | Browse | ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
LINODE-APLinodeLLCUS | Get hash | malicious | Browse |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Windows\System32\regsvr32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 62919 |
Entropy (8bit): | 7.995280921994772 |
Encrypted: | true |
SSDEEP: | 1536:d+OfVxHl7Wyf11lYom3xQcRVOtPHwQV4rP6Ji7:d+OxHxJlZcuPt4b6q |
MD5: | 3DCF580A93972319E82CAFBC047D34D5 |
SHA1: | 8528D2A1363E5DE77DC3B1142850E51EAD0F4B6B |
SHA-256: | 40810E31F1B69075C727E6D557F9614D5880112895FF6F4DF1767E87AE5640D1 |
SHA-512: | 98384BE7218340F95DAE88D1CB865F23A0B4E12855BEB6E74A3752274C9B4C601E493864DB777BCA677A370D0A9DBFFD68D94898A82014537F3A801CCE839C42 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Windows\System32\regsvr32.exe |
File Type: | |
Category: | modified |
Size (bytes): | 328 |
Entropy (8bit): | 3.1108374798811247 |
Encrypted: | false |
SSDEEP: | 6:kKoN1HlNiN+SkQlPlEGYRMY9z+4KlDA3RUeKlTAlWRyf1:I/kPlE99SNxAhUexYo1 |
MD5: | 09DAA74AF3C71093F739A1CBFF2FF565 |
SHA1: | 2617105C84BEA952A57E41AC8AA4AEE237C47862 |
SHA-256: | 5C9B9894AC30CB054EE6C2C19E5424C9E081019DB9DA4FA5960A81A2B7864152 |
SHA-512: | C27B43F97ED8BB4D586E43E9CFFA92E7C39674ED7C219B50F61D70F1688D1B52316D3287971D7F3DE2DCC207041EA23801E284B0AECC273D0786EBF0B29A4577 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.619182215199665 |
TrID: |
|
File name: | BiiRGnhWx8.dll |
File size: | 528896 |
MD5: | d9984f38618baca5ed43e0f2cbe59b0b |
SHA1: | 10581c60d1ea45385f9bbfa6bb62e66b29ce14c6 |
SHA256: | eac5c6cd3836bed3cfee274587583fa29a629d0bb7ce3aa54a2691c69329d307 |
SHA512: | 5f47bcb80906bf5db879ab8673ce31c60ecb8da786fd1585e09c5a67ab54e9e0e556eb31e18b867ab243ceee64d340dc15af193a56f49d9a6ba7600b56c7d695 |
SSDEEP: | 6144:mW1239bnTe+0Qv7NSEBj43USaI6Y/jOpxHRikSYI+QALgIJ1divndEXln:mW1e9PeexPBjvKSpuvYI+TLgs1dcEXl |
TLSH: | 5AB4F829A59E76F0C951A1F5A0420B1595F33C88FEF68EAF03502F296F6F24425F768C |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................$...s...$...............................$.......$...............`.......`.......e.h.....`.......Rich........... |
Icon Hash: | 74f0e4ecccdce0e4 |
Entrypoint: | 0x1800044e0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x180000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x636D6724 [Thu Nov 10 21:03:32 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 81146e0614ccc4eb7174ad2ad695dedb |
Instruction |
---|
dec eax |
mov dword ptr [esp+08h], ebx |
dec eax |
mov dword ptr [esp+10h], esi |
push edi |
dec eax |
sub esp, 20h |
dec ecx |
mov edi, eax |
mov ebx, edx |
dec eax |
mov esi, ecx |
cmp edx, 01h |
jne 00007FDDE4C0D917h |
call 00007FDDE4C0DEA8h |
dec esp |
mov eax, edi |
mov edx, ebx |
dec eax |
mov ecx, esi |
dec eax |
mov ebx, dword ptr [esp+30h] |
dec eax |
mov esi, dword ptr [esp+38h] |
dec eax |
add esp, 20h |
pop edi |
jmp 00007FDDE4C0D78Ch |
int3 |
int3 |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
dec eax |
mov ebx, ecx |
dec eax |
mov eax, edx |
dec eax |
lea ecx, dword ptr [00033F0Dh] |
dec eax |
mov dword ptr [ebx], ecx |
dec eax |
lea edx, dword ptr [ebx+08h] |
xor ecx, ecx |
dec eax |
mov dword ptr [edx], ecx |
dec eax |
mov dword ptr [edx+08h], ecx |
dec eax |
lea ecx, dword ptr [eax+08h] |
call 00007FDDE4C10111h |
dec eax |
lea eax, dword ptr [00033F1Dh] |
dec eax |
mov dword ptr [ebx], eax |
dec eax |
mov eax, ebx |
dec eax |
add esp, 20h |
pop ebx |
ret |
int3 |
xor eax, eax |
dec eax |
mov dword ptr [ecx+10h], eax |
dec eax |
lea eax, dword ptr [00033F13h] |
dec eax |
mov dword ptr [ecx+08h], eax |
dec eax |
lea eax, dword ptr [00033EF8h] |
dec eax |
mov dword ptr [ecx], eax |
dec eax |
mov eax, ecx |
ret |
int3 |
inc eax |
push ebx |
dec eax |
sub esp, 20h |
dec eax |
mov ebx, ecx |
dec eax |
mov eax, edx |
dec eax |
lea ecx, dword ptr [00033EADh] |
dec eax |
mov dword ptr [ebx], ecx |
dec eax |
lea edx, dword ptr [ebx+08h] |
xor ecx, ecx |
dec eax |
mov dword ptr [edx], ecx |
dec eax |
mov dword ptr [edx+08h], ecx |
dec eax |
lea ecx, dword ptr [eax+08h] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x7cda0 | 0x58 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7cdf8 | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x87000 | 0x1e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x82000 | 0x192c | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x88000 | 0x66c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x7a410 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x7a430 | 0x94 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x38000 | 0x370 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x36fd5 | 0x37000 | False | 0.38967507102272725 | data | 5.930785005703424 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x38000 | 0x4597a | 0x45a00 | False | 0.6705214878815081 | data | 6.275551295496245 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x7e000 | 0x3394 | 0xc00 | False | 0.18294270833333334 | DOS executable (block device driver \337-\231+]) | 2.573523630872546 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x82000 | 0x192c | 0x1a00 | False | 0.4794170673076923 | data | 5.1711441720039435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gfids | 0x84000 | 0xdc | 0x200 | False | 0.244140625 | Spectrum .TAP data "6 " - BASIC program | 1.1531659578770692 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gxfg | 0x85000 | 0x1000 | 0x1000 | False | 0.44091796875 | data | 5.088628746947821 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.gehcont | 0x86000 | 0xc | 0x200 | False | 0.0390625 | data | 0.06116285224115448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x87000 | 0x1e0 | 0x200 | False | 0.52734375 | data | 4.724728911998389 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x88000 | 0x66c | 0x800 | False | 0.537109375 | data | 4.9054360857170005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_MANIFEST | 0x87060 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | GetConsoleMode, GetConsoleOutputCP, WriteFile, FlushFileBuffers, SetStdHandle, HeapReAlloc, HeapSize, SetFilePointerEx, ExitProcess, GetStdHandle, GetProcessHeap, CreateFileW, CloseHandle, GetStringTypeW, LCMapStringW, GetFileType, VirtualAlloc, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlPcToFileHeader, EncodePointer, RaiseException, RtlUnwindEx, InterlockedFlushSList, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetModuleHandleExW, GetModuleFileNameW, HeapFree, HeapAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, WriteConsoleW |
USER32.dll | EndPaint, BeginPaint, InvalidateRect, GetMessageW, DefWindowProcW, CloseTouchInputHandle, GetTouchInputInfo, DestroyWindow, MessageBoxW, CreateWindowExW, RegisterClassExW, LoadStringW, ShowWindow, DispatchMessageW, RegisterTouchWindow, MessageBoxA, UnregisterTouchWindow, TranslateAcceleratorW, TranslateMessage, LoadCursorW, PostQuitMessage, UpdateWindow |
GDI32.dll | Polyline, LineTo, CreatePen, MoveToEx, DeleteObject, SelectObject |
ole32.dll | CoUninitialize, CoCreateInstance, CoInitialize |
CRYPT32.dll | CryptStringToBinaryA |
Name | Ordinal | Address |
---|---|---|
DllRegisterServer | 1 | 0x180013f70 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
11/13/22-18:17:19.238937 | TCP | 2404304 | ET CNC Feodo Tracker Reported CnC Server TCP group 3 | 49705 | 80 | 192.168.2.5 | 115.178.55.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 13, 2022 18:17:19.238936901 CET | 49705 | 80 | 192.168.2.5 | 115.178.55.22 |
Nov 13, 2022 18:17:19.518835068 CET | 80 | 49705 | 115.178.55.22 | 192.168.2.5 |
Nov 13, 2022 18:17:20.033035040 CET | 49705 | 80 | 192.168.2.5 | 115.178.55.22 |
Nov 13, 2022 18:17:20.313260078 CET | 80 | 49705 | 115.178.55.22 | 192.168.2.5 |
Nov 13, 2022 18:17:20.814580917 CET | 49705 | 80 | 192.168.2.5 | 115.178.55.22 |
Nov 13, 2022 18:17:21.094271898 CET | 80 | 49705 | 115.178.55.22 | 192.168.2.5 |
Nov 13, 2022 18:17:26.331172943 CET | 49707 | 8080 | 192.168.2.5 | 172.105.115.71 |
Nov 13, 2022 18:17:26.506711960 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Nov 13, 2022 18:17:26.510036945 CET | 49707 | 8080 | 192.168.2.5 | 172.105.115.71 |
Nov 13, 2022 18:17:26.515836000 CET | 49707 | 8080 | 192.168.2.5 | 172.105.115.71 |
Nov 13, 2022 18:17:26.690846920 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Nov 13, 2022 18:17:26.707281113 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Nov 13, 2022 18:17:26.707344055 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Nov 13, 2022 18:17:26.707506895 CET | 49707 | 8080 | 192.168.2.5 | 172.105.115.71 |
Nov 13, 2022 18:17:26.718679905 CET | 49707 | 8080 | 192.168.2.5 | 172.105.115.71 |
Nov 13, 2022 18:17:26.893285990 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Nov 13, 2022 18:17:26.894149065 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Nov 13, 2022 18:17:26.939825058 CET | 49707 | 8080 | 192.168.2.5 | 172.105.115.71 |
Nov 13, 2022 18:17:31.656793118 CET | 49707 | 8080 | 192.168.2.5 | 172.105.115.71 |
Nov 13, 2022 18:17:31.656918049 CET | 49707 | 8080 | 192.168.2.5 | 172.105.115.71 |
Nov 13, 2022 18:17:31.831383944 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Nov 13, 2022 18:17:31.831440926 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Nov 13, 2022 18:17:32.457365990 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Nov 13, 2022 18:17:32.565342903 CET | 49707 | 8080 | 192.168.2.5 | 172.105.115.71 |
Nov 13, 2022 18:17:35.458688021 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Nov 13, 2022 18:17:35.458734989 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Nov 13, 2022 18:17:35.458920956 CET | 49707 | 8080 | 192.168.2.5 | 172.105.115.71 |
Nov 13, 2022 18:17:35.459095001 CET | 49707 | 8080 | 192.168.2.5 | 172.105.115.71 |
Nov 13, 2022 18:17:35.459194899 CET | 49707 | 8080 | 192.168.2.5 | 172.105.115.71 |
Nov 13, 2022 18:17:35.633414984 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Nov 13, 2022 18:17:35.633441925 CET | 8080 | 49707 | 172.105.115.71 | 192.168.2.5 |
Target ID: | 0 |
Start time: | 18:16:34 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff640670000 |
File size: | 139776 bytes |
MD5 hash: | C676FC0263EDD17D4CE7D644B8F3FCD6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 1 |
Start time: | 18:16:34 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7fcd70000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 2 |
Start time: | 18:16:34 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff627730000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Target ID: | 3 |
Start time: | 18:16:34 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79b6d0000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 4 |
Start time: | 18:16:34 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72c4a0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 5 |
Start time: | 18:16:34 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72c4a0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 6 |
Start time: | 18:16:39 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79b6d0000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Target ID: | 7 |
Start time: | 18:16:39 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79b6d0000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 8 |
Start time: | 18:16:39 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79b6d0000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 9 |
Start time: | 18:16:42 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79b6d0000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Target ID: | 12 |
Start time: | 18:17:47 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79b6d0000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Target ID: | 13 |
Start time: | 18:17:53 |
Start date: | 13/11/2022 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff79b6d0000 |
File size: | 24064 bytes |
MD5 hash: | D78B75FC68247E8A63ACBA846182740E |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Execution Graph
Execution Coverage: | 10.1% |
Dynamic/Decrypted Code Coverage: | 3% |
Signature Coverage: | 10.3% |
Total number of Nodes: | 701 |
Total number of Limit Nodes: | 11 |
Graph
Function 00007FFA0AE73FB0 | Relevance: 2283.0 | APIs: 11 | Strings: 1292 | Instructions: 2747 | Tags: COMMON, Crypto | C-Code Quality: 25% | Uniqueness Score: -1.00% |
Function 00000239F38C0000 | Relevance: 53.5 | APIs: 4 | Strings: 26 | Instructions: 953 | Tags: memory, COMMON | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 100% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 45% | Uniqueness Score: -1.00% |
Function 00007FFA0AE62600 | Relevance: 9.1 | APIs: 6 | Instructions: 114 | Tags: COMMON, LIBRARYCODE | C-Code Quality: 50% | Uniqueness Score: -1.00% |
Function 00007FFA0AE61910 | Relevance: 7.6 | APIs: 5 | Instructions: 59 | Tags: COMMON, LIBRARYCODE | C-Code Quality: 45% | Uniqueness Score: -1.00% |
Function 00007FFA0AE613A0 | Relevance: 7.6 | APIs: 5 | Instructions: 52 | Tags: COMMON, LIBRARYCODE | C-Code Quality: 79% | Uniqueness Score: -1.00% |
Function 00007FFA0AE79510 | Relevance: 6.1 | APIs: 1 | Strings: 3 | Instructions: 59 | Tags: memory, COMMON | C-Code Quality: 45% | Uniqueness Score: -1.00% |
Function 00007FFA0AE612B0 | Relevance: 6.1 | APIs: 4 | Instructions: 51 | Tags: COMMON, LIBRARYCODE | C-Code Quality: 100% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 58% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 45% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 65% | Uniqueness Score: -1.00% |
Function 00007FFA0AE73F70 | Relevance: 3.5 | APIs: 1 | Strings: 1 | Instructions: 11 | Tags: COMMON | C-Code Quality: 37% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 37% | Uniqueness Score: -1.00% |
Function 00007FFA0AE6A9DC | Relevance: 3.0 | APIs: 2 | Instructions: 19 | Tags: COMMON, LIBRARYCODE | C-Code Quality: 68% | Uniqueness Score: -1.00% |
Function 00007FFA0AE622B0 | Relevance: 1.6 | APIs: 1 | Instructions: 57 | Tags: COMMON, LIBRARYCODE | C-Code Quality: 50% | Uniqueness Score: -1.00% |
Function 00007FFA0AE6AAD0 | Relevance: 1.5 | APIs: 1 | Instructions: 36 | Tags: memory, COMMON, LIBRARYCODE | C-Code Quality: 37% | Uniqueness Score: -1.00% |
Function 00007FFA0AE6AA18 | Relevance: 1.5 | APIs: 1 | Instructions: 29 | Tags: memory, COMMON, LIBRARYCODE | C-Code Quality: 37% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 44% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 44% | Uniqueness Score: -1.00% |
Function 00007FFA0AE73CB0 | Relevance: 15.8 | APIs: 7 | Strings: 2 | Instructions: 97 | Tags: registry, window, COMMON | Uniqueness Score: -1.00% |
Function 00007FFA0AE69474 | Relevance: 9.1 | APIs: 6 | Instructions: 83 | Tags: COMMON, LIBRARYCODE | C-Code Quality: 65% | Uniqueness Score: -1.00% |
Function 00007FFA0AE71910 | Relevance: 3.2 | APIs: 2 | Instructions: 232 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00007FFA0AE79410 | Relevance: 3.1 | APIs: 2 | Instructions: 60 | Tags: encryption, COMMON | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 100% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 100% | Uniqueness Score: -1.00% |
Function 0000000180015694 | Relevance: .2 | Instructions: 198 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 000000018001B2F0 | Relevance: .2 | Instructions: 174 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 000000018000741C | Relevance: .2 | Instructions: 164 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 000000018001629C | Relevance: .1 | Instructions: 149 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFA0AE6ABC0 | Relevance: .1 | Instructions: 131 | Tags: COMMON | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 60% | Uniqueness Score: -1.00% |
Function 0000000180013698 | Relevance: .1 | Instructions: 125 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0000000180011DAC | Relevance: .1 | Instructions: 116 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 000000018000D1AC | Relevance: .1 | Instructions: 115 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0000000180020930 | Relevance: .1 | Instructions: 108 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 000000018000E570 | Relevance: .1 | Instructions: 98 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0000000180013524 | Relevance: .1 | Instructions: 92 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0000000180015508 | Relevance: .1 | Instructions: 86 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0000000180017198 | Relevance: .1 | Instructions: 84 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 000000018001E614 | Relevance: .1 | Instructions: 84 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0000000180013B88 | Relevance: .1 | Instructions: 82 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 000000018000BE34 | Relevance: .1 | Instructions: 78 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0000000180012110 | Relevance: .1 | Instructions: 75 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00000001800197AC | Relevance: .1 | Instructions: 74 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0000000180020D54 | Relevance: .1 | Instructions: 64 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 000000018000E828 | Relevance: .1 | Instructions: 62 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0000000180022B8C | Relevance: .1 | Instructions: 61 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 000000018000E368 | Relevance: .1 | Instructions: 60 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 0000000180015400 | Relevance: .1 | Instructions: 56 | Tags: COMMON | Uniqueness Score: -1.00% |
Function 00007FFA0AE6AB50 | Relevance: .0 | Instructions: 32 | Tags: COMMON | C-Code Quality: 86% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 49% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 48% | Uniqueness Score: -1.00% |
Function 00007FFA0AE6893C | Relevance: 14.5 | APIs: 3 | Strings: 5 | Instructions: 489 | Tags: COMMON | C-Code Quality: 40% | Uniqueness Score: -1.00% |
Function 00007FFA0AE6D8F0 | Relevance: 12.4 | APIs: 5 | Strings: 2 | Instructions: 117 | Tags: libraryloader, COMMON | C-Code Quality: 77% | Uniqueness Score: -1.00% |
Function 00007FFA0AE6B8D4 | Relevance: 10.6 | APIs: 7 | Instructions: 62 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00007FFA0AE728C0 | Relevance: 10.5 | APIs: 5 | Strings: 1 | Instructions: 48 | Tags: file, COMMON | Uniqueness Score: -1.00% |
Function 00007FFA0AE6BA4C | Relevance: 9.1 | APIs: 6 | Instructions: 57 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function 00007FFA0AE69C24 | Relevance: 8.8 | APIs: 3 | Strings: 2 | Instructions: 27 | Tags: libraryloader, COMMON | Uniqueness Score: -1.00% |
Function 00007FFA0AE6EB68 | Relevance: 7.6 | APIs: 5 | Instructions: 56 | Tags: COMMON, LIBRARYCODE | C-Code Quality: 85% | Uniqueness Score: -1.00% |
Function 00007FFA0AE6BB14 | Relevance: 7.6 | APIs: 5 | Instructions: 54 | Tags: COMMON, LIBRARYCODE | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 49% | Uniqueness Score: -1.00% |
Function (address not captured) | C-Code Quality: 29% | Uniqueness Score: -1.00% |
Function 00007FFA0AE61CE0 | Relevance: 6.1 | APIs: 4 | Instructions: 63 | Tags: COMMON, LIBRARYCODE | C-Code Quality: 47% | Uniqueness Score: -1.00% |
Function 00007FFA0AE61DF0 Relevance: 6.1, APIs: 4, Instructions: 60COMMONLIBRARYCODE
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AE71004 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
C-Code - Quality: 56% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AE72EB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30COMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AE73ED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24registryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFA0AE6472C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11COMMONLIBRARYCODE
C-Code - Quality: 37% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph
Execution Coverage: 10%
Dynamic/Decrypted Code Coverage: 2.2%
Signature Coverage: 0%
Total number of Nodes: 935
Total number of Limit Nodes: 7
Function 00007FFA0AE73FB0 Relevance: 2283.0, APIs: 11, Strings: 1292, Instructions: 2747, Tags: COMMON, Crypto, C-Code Quality: 25%
Function 00800000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953, Tags: memory, COMMON
Function 00007FFA0AE62600 Relevance: 9.1, APIs: 6, Instructions: 114, Tags: COMMON, LIBRARYCODE, C-Code Quality: 50%
Function 00007FFA0AE6BA4C Relevance: 9.1, APIs: 6, Instructions: 57, Tags: COMMON, LIBRARYCODE
Function 00007FFA0AE61910 Relevance: 7.6, APIs: 5, Instructions: 59, Tags: COMMON, LIBRARYCODE, C-Code Quality: 45%
Function 00007FFA0AE613A0 Relevance: 7.6, APIs: 5, Instructions: 52, Tags: COMMON, LIBRARYCODE, C-Code Quality: 79%
Function 00007FFA0AE79510 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 59, Tags: memory, COMMON, C-Code Quality: 45%
Function 00007FFA0AE612B0 Relevance: 6.1, APIs: 4, Instructions: 51, Tags: COMMON, LIBRARYCODE, C-Code Quality: 100%
Function 00007FFA0AE73F70 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 11, Tags: COMMON, C-Code Quality: 37%
Function 00007FFA0AE6A9DC Relevance: 3.0, APIs: 2, Instructions: 19, Tags: COMMON, LIBRARYCODE, C-Code Quality: 68%
Function 00007FFA0AE622B0 Relevance: 1.6, APIs: 1, Instructions: 57, Tags: COMMON, LIBRARYCODE, C-Code Quality: 50%
Function 00007FFA0AE6AAD0 Relevance: 1.5, APIs: 1, Instructions: 36, Tags: memory, COMMON, LIBRARYCODE, C-Code Quality: 37%
Function 00007FFA0AE6AA18 Relevance: 1.5, APIs: 1, Instructions: 29, Tags: memory, COMMON, LIBRARYCODE, C-Code Quality: 37%
Function 00007FFA0AE69474 Relevance: 9.1, APIs: 6, Instructions: 83, Tags: COMMON, LIBRARYCODE, C-Code Quality: 65%
Function 00007FFA0AE73CB0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 97, Tags: registry, window, COMMON
Function 00007FFA0AE6893C Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 489, Tags: COMMON, C-Code Quality: 40%
Function 00007FFA0AE6D8F0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117, Tags: libraryloader, COMMON, C-Code Quality: 77%
Function 00007FFA0AE6B8D4 Relevance: 10.6, APIs: 7, Instructions: 62, Tags: COMMON, LIBRARYCODE
Function 00007FFA0AE728C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48, Tags: file, COMMON
Function 00007FFA0AE69C24 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27, Tags: libraryloader, COMMON
Function 00007FFA0AE6EB68 Relevance: 7.6, APIs: 5, Instructions: 56, Tags: COMMON, LIBRARYCODE, C-Code Quality: 85%
Function 00007FFA0AE6BB14 Relevance: 7.6, APIs: 5, Instructions: 54, Tags: COMMON, LIBRARYCODE
Function 00007FFA0AE61CE0 Relevance: 6.1, APIs: 4, Instructions: 63, Tags: COMMON, LIBRARYCODE, C-Code Quality: 47%
Function 00007FFA0AE61DF0 Relevance: 6.1, APIs: 4, Instructions: 60, Tags: COMMON, LIBRARYCODE, C-Code Quality: 50%
Function 00007FFA0AE71004 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100, Tags: file, COMMON, C-Code Quality: 56%
Function 00007FFA0AE72EB4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30, Tags: COMMON, C-Code Quality: 100%
Function 00007FFA0AE73ED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24, Tags: registry, COMMON
Function 00007FFA0AE6472C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 11, Tags: COMMON, LIBRARYCODE, C-Code Quality: 37%
Execution Graph
Execution Coverage: 12.3%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 46
Total number of Limit Nodes: 2
Function 00000190E8E40000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953, Tags: memory, COMMON
Execution Graph
Execution Coverage: 12.4%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 46
Total number of Limit Nodes: 2
Function 00000244E2B60000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953, Tags: memory, COMMON
Execution Graph
Execution Coverage: 18.6%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 51
Total number of Limit Nodes: 5
Function 005D0000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953, Tags: memory, COMMON
Function 0000000180013CEC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 121, Tags: registry, COMMON
Execution Graph
Execution Coverage: 11.8%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 41
Total number of Limit Nodes: 3
Function 003E0000 Relevance: 53.5, APIs: 4, Strings: 26, Instructions: 953, Tags: memory, COMMON