Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 2228 cmdline:
"C:\Users\ user\Deskt op\file.ex e" MD5: 18E1D0F8B01CEAE85D5D7136C4CF751A) - service123.exe (PID: 7148 cmdline:
"C:\Users\ user\AppDa ta\Local\T emp\servic e123.exe" MD5: F48DE3A26F00253050481FA7F5CD3EC3) - schtasks.exe (PID: 4448 cmdline:
"C:\Window s\System32 \schtasks. exe" /crea te /tn "Se rviceData4 " /tr "C:\ Users\user \AppData\L ocal\Temp\ /service12 3.exe" /st 00:01 /du 9800:59 / sc once /r i 1 /f MD5: 48C2FE20575769DE916F48EF0676A965) - conhost.exe (PID: 4508 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- service123.exe (PID: 6408 cmdline:
C:\Users\u ser\AppDat a\Local\Te mp\/servic e123.exe MD5: F48DE3A26F00253050481FA7F5CD3EC3)
- service123.exe (PID: 5404 cmdline:
C:\Users\u ser\AppDat a\Local\Te mp\/servic e123.exe MD5: F48DE3A26F00253050481FA7F5CD3EC3)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CryptBot | A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2. | No Attribution |
{"C2 list": ["fivevh5pt.top", "analforeverlovyu.top", "@fivevh5pt.top"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Clipboard_Hijacker_5 | Yara detected Clipboard Hijacker | Joe Security | ||
JoeSecurity_Clipboard_Hijacker_5 | Yara detected Clipboard Hijacker | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_Cryptbot | Yara detected Cryptbot | Joe Security | ||
JoeSecurity_Clipboard_Hijacker_5 | Yara detected Clipboard Hijacker | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Clipboard_Hijacker_5 | Yara detected Clipboard Hijacker | Joe Security |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-29T00:53:24.312365+0200 | 2054350 | 1 | A Network Trojan was detected | 192.168.2.5 | 49725 | 84.38.182.221 | 80 | TCP |
2024-09-29T00:53:27.885702+0200 | 2054350 | 1 | A Network Trojan was detected | 192.168.2.5 | 49729 | 84.38.182.221 | 80 | TCP |
2024-09-29T00:53:32.795410+0200 | 2054350 | 1 | A Network Trojan was detected | 192.168.2.5 | 49730 | 84.38.182.221 | 80 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Integrated Neural Analysis Model: |
Source: | Code function: | 4_2_00CB15B0 | |
Source: | Code function: | 4_2_00CB83F5 | |
Source: | Code function: | 4_2_6C3814B0 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Code function: | 4_2_00CB81E0 | |
Source: | Code function: | 4_2_6C3FAC70 | |
Source: | Code function: | 4_2_6C3FAD20 | |
Source: | Code function: | 4_2_6C3FAD20 | |
Source: | Code function: | 4_2_6C422EF0 | |
Source: | Code function: | 4_2_6C39AF80 | |
Source: | Code function: | 4_2_6C39E8C0 | |
Source: | Code function: | 4_2_6C4204E0 | |
Source: | Code function: | 4_2_6C3AE490 | |
Source: | Code function: | 4_2_6C3AE490 | |
Source: | Code function: | 4_2_6C3A04F0 | |
Source: | Code function: | 4_2_6C3A0610 | |
Source: | Code function: | 4_2_6C3AA720 | |
Source: | Code function: | 4_2_6C3AA790 | |
Source: | Code function: | 4_2_6C3AA790 | |
Source: | Code function: | 4_2_6C3A0010 | |
Source: | Code function: | 4_2_6C454110 | |
Source: | Code function: | 4_2_6C428250 | |
Source: | Code function: | 4_2_6C3A4203 | |
Source: | Code function: | 4_2_6C3AC2C0 | |
Source: | Code function: | 4_2_6C3AA330 | |
Source: | Code function: | 4_2_6C3AA3A0 | |
Source: | Code function: | 4_2_6C3AA3A0 | |
Source: | Code function: | 4_2_6C3FBDF0 | |
Source: | Code function: | 4_2_6C3FBF50 | |
Source: | Code function: | 4_2_6C3D9F90 | |
Source: | Code function: | 4_2_6C3D9910 | |
Source: | Code function: | 4_2_6C439900 | |
Source: | Code function: | 4_2_6C3BB98B | |
Source: | Code function: | 4_2_6C3BB987 | |
Source: | Code function: | 4_2_6C3FBAC0 | |
Source: | Code function: | 4_2_6C3F7AC0 | |
Source: | Code function: | 4_2_6C3AD424 | |
Source: | Code function: | 4_2_6C3F3440 | |
Source: | Code function: | 4_2_6C3AD5A4 | |
Source: | Code function: | 4_2_6C3F35F0 | |
Source: | Code function: | 4_2_6C3AD724 | |
Source: | Code function: | 4_2_6C3AD050 | |
Source: | Code function: | 4_2_6C417100 | |
Source: | Code function: | 4_2_6C3AD2B4 | |
Source: | Code function: | 4_2_6C3FB280 | |
Source: | Code function: | 4_2_6C3F93B0 |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 4_2_6C399B99 |
Source: | Code function: | 4_2_6C399B99 |
System Summary |
---|
Source: | File dump: | Jump to dropped file |
Source: | Code function: | 4_2_00CB51B0 | |
Source: | Code function: | 4_2_00CB3E20 | |
Source: | Code function: | 4_2_6C38CD00 | |
Source: | Code function: | 4_2_6C38EE50 | |
Source: | Code function: | 4_2_6C444E80 | |
Source: | Code function: | 4_2_6C390FC0 | |
Source: | Code function: | 4_2_6C3D0870 | |
Source: | Code function: | 4_2_6C3C2A7E | |
Source: | Code function: | 4_2_6C3C4490 | |
Source: | Code function: | 4_2_6C3944F0 | |
Source: | Code function: | 4_2_6C3B8570 | |
Source: | Code function: | 4_2_6C3C0580 | |
Source: | Code function: | 4_2_6C3B2110 | |
Source: | Code function: | 4_2_6C3CFE10 | |
Source: | Code function: | 4_2_6C3C1E40 | |
Source: | Code function: | 4_2_6C395880 | |
Source: | Code function: | 4_2_6C3CD99E | |
Source: | Code function: | 4_2_6C3DDA20 | |
Source: | Code function: | 4_2_6C3AF510 | |
Source: | Code function: | 4_2_6C3B96A0 | |
Source: | Code function: | 4_2_6C3C77D0 | |
Source: | Code function: | 4_2_6C383000 | |
Source: | Code function: | 4_2_6C3970C0 | |
Source: | Code function: | 4_2_6C3C11BE | |
Source: | Code function: | 4_2_6C3D12C0 | |
Source: | Code function: | 4_2_6C3CF3C0 |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 4_2_00CB8230 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 4_2_00CBA694 | |
Source: | Code function: | 4_2_6C3C8C3E | |
Source: | Code function: | 4_2_6C3F5018 | |
Source: | Code function: | 4_2_6C3D4DD5 | |
Source: | Code function: | 4_2_6C3C6E17 | |
Source: | Code function: | 4_2_6C3D4FB5 | |
Source: | Code function: | 4_2_6C3FE98B | |
Source: | Code function: | 4_2_6C3D2870 | |
Source: | Code function: | 4_2_6C3E8E4F | |
Source: | Code function: | 4_2_6C3D0866 | |
Source: | Code function: | 4_2_6C430B5A | |
Source: | Code function: | 4_2_6C402CD4 | |
Source: | Code function: | 4_2_6C402CF3 | |
Source: | Code function: | 4_2_6C3FEBE3 | |
Source: | Code function: | 4_2_6C3D4BF5 | |
Source: | Code function: | 4_2_6C4107FF | |
Source: | Code function: | 4_2_6C3D8459 | |
Source: | Code function: | 4_2_6C3C048A | |
Source: | Code function: | 4_2_6C3C048A | |
Source: | Code function: | 4_2_6C3C048A | |
Source: | Code function: | 4_2_6C3C64B7 | |
Source: | Code function: | 4_2_6C3CA53B | |
Source: | Code function: | 4_2_6C456622 | |
Source: | Code function: | 4_2_6C456622 | |
Source: | Code function: | 4_2_6C3CA70B | |
Source: | Code function: | 4_2_6C456AF6 | |
Source: | Code function: | 4_2_6C456B36 | |
Source: | Code function: | 4_2_6C456622 | |
Source: | Code function: | 4_2_6C3D40E9 | |
Source: | Code function: | 4_2_6C3C81F9 | |
Source: | Code function: | 4_2_6C3C0251 |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Boot Survival |
---|
Source: | Process created: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Evasive API call chain: | graph_4-158141 |
Source: | Stalling execution: | graph_4-158142 |
Source: | Registry key queried: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 4_2_00CB8230 |
Source: | Code function: | 4_2_00CB116C | |
Source: | Code function: | 4_2_00CB11A3 | |
Source: | Code function: | 4_2_00CB1160 | |
Source: | Code function: | 4_2_00CB13C9 |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 4_2_6C408280 |
Source: | Registry key value queried: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 11 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 11 Native API | 1 DLL Side-Loading | 1 Scheduled Task/Job | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 2 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 112 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 22 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
fivevh5pt.top | 84.38.182.221 | true | true | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true |
| unknown | |
true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
84.38.182.221 | fivevh5pt.top | Russian Federation | 49505 | SELECTELRU | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1521587 |
Start date and time: | 2024-09-29 00:52:09 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@8/2@1/1 |
EGA Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
- Excluded IPs from analysis (whitelisted): 20.190.159.71, 40.126.31.71, 20.190.159.68, 20.190.159.75, 40.126.31.73, 40.126.31.69, 20.190.159.73, 40.126.31.67
- Excluded domains from analysis (whitelisted): client.wns.windows.com, prdv4a.aadg.msidentity.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, ocsp.edge.digicert.com, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
- Execution Graph export aborted for target file.exe, PID 2228 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: file.exe
Time | Type | Description |
---|---|---|
00:54:16 | Task Scheduler | |
18:53:23 | API Interceptor | |
18:54:48 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
84.38.182.221 | Get hash | malicious | Clipboard Hijacker, Cryptbot, Neoreklami, Socks5Systemz | Browse |
| |
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
fp2e7a.wpc.phicdn.net | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SELECTELRU | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| |
Get hash | malicious | LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, Socks5Systemz | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot, Neoreklami, Socks5Systemz | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| ||
Get hash | malicious | LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Socks5Systemz | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, PureLog Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 315803136 |
Entropy (8bit): | 0.05434753529749484 |
Encrypted: | false |
SSDEEP: | 49152:TTGv1WxnKPxX8L1111111111111111111111111111111111111111111111R:T6V18 |
MD5: | 220AAD81B012673AD31832ECE7614AE1 |
SHA1: | AC0FE21347575ADC2E9DB64E9BB79271E543164C |
SHA-256: | E89B892A639E4C8AD105F6E2C3282D5D4B79926868C6AA244294EABF01F2C625 |
SHA-512: | 5B469F034C7C7194445BD4F679E54F95D0121BEAAAC8BE715E705AF940915F6C37C107AAEA3B5F3DC2C6E1124B8B00A10EE0313725957C6EB4422340617C32FA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 314617856 |
Entropy (8bit): | 0.0023405989925417807 |
Encrypted: | false |
SSDEEP: | |
MD5: | F48DE3A26F00253050481FA7F5CD3EC3 |
SHA1: | 6CEE0DEDD2117589F1DDCBD162165B66EC8A421D |
SHA-256: | 8C909FBA9151A9D636A3430A5D4149F0D22817267D97CECDFA48953B2B7D7452 |
SHA-512: | 12BCFCD5693566B021E7C2E4D16FB81FF4DAE519CB1931449F8E1896D63DBE9780630EE06243FC02FC8E0479F0BF6272FF301E983AB7762383CAE5A232AB8449 |
Malicious: | true |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 2.7737530246461977 |
TrID: |
|
File name: | file.exe |
File size: | 9'969'664 bytes |
MD5: | 18e1d0f8b01ceae85d5d7136c4cf751a |
SHA1: | 6d79a8cb0795d48ddf9bcf3ff97af16a4508f770 |
SHA256: | d73bea0eaec1c09fe508f58746a99586c3369be41d08845ba12764a4b2f2a147 |
SHA512: | 22f0cbbf9bcb2f5a1486cf0311ea298950a757af5eb2fbca0cf41cd8513b471eedc81a83db72d99d06cd7aa64d44ad836616f2115e622521a76cf0e90bffa0d4 |
SSDEEP: | 49152:BdDlHdR359lFG9h1347FDDMDquN8qA9NiqaSDT8nfcM8YF1ai:HDlHdZ59li4JMm |
TLSH: | D9A60A62ED8791EDF14708B8A009B3BF5634A715881DEA3CDF40EBD1E73297CD4AA215 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~..f...............(..+...................,...@.......................................@... .........................B.. |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x4014a0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x66F7D87E [Sat Sep 28 10:20:46 2024 UTC] |
TLS Callbacks: | 0x401800, 0x4017b0 |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 208ad2c8c137e3d4c33022e4bb87e9bb |
Instruction |
---|
mov dword ptr [00D3F070h], 00000001h |
jmp 00007F98DC67D886h |
nop |
mov dword ptr [00D3F070h], 00000000h |
jmp 00007F98DC67D876h |
nop |
sub esp, 1Ch |
mov eax, dword ptr [esp+20h] |
mov dword ptr [esp], eax |
call 00007F98DC68BF86h |
cmp eax, 01h |
sbb eax, eax |
add esp, 1Ch |
ret |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
push ebp |
mov ebp, esp |
push edi |
push esi |
push ebx |
sub esp, 1Ch |
mov dword ptr [esp], 00D32000h |
call dword ptr [00D4122Ch] |
sub esp, 04h |
test eax, eax |
je 00007F98DC67DC45h |
mov ebx, eax |
mov dword ptr [esp], 00D32000h |
call dword ptr [00D4124Ch] |
mov edi, dword ptr [00D41234h] |
sub esp, 04h |
mov dword ptr [00D3F028h], eax |
mov dword ptr [esp+04h], 00D32013h |
mov dword ptr [esp], ebx |
call edi |
sub esp, 08h |
mov esi, eax |
mov dword ptr [esp+04h], 00D32029h |
mov dword ptr [esp], ebx |
call edi |
sub esp, 08h |
mov dword ptr [006C1004h], eax |
test esi, esi |
je 00007F98DC67DBE3h |
mov dword ptr [esp+04h], 00D3F02Ch |
mov dword ptr [esp], 00D3C104h |
call esi |
mov dword ptr [esp], 00401580h |
call 00007F98DC67DB33h |
lea esp, dword ptr [ebp-0Ch] |
pop ebx |
pop esi |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x940000 | 0x42 | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x941000 | 0xa98 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x944000 | 0x43b88 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x93ad24 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x94120c | 0x1a8 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x2bfae8 | 0x2bfc00 | c5442317ed9af75d0008503ce8b95fa6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x2c1000 | 0x670fc4 | 0x671000 | f57d7419a7cafaed1170965a385aaf92 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x932000 | 0x9e54 | 0xa000 | 45898605f009fab9093f805216fc9660 | False | 0.3743408203125 | data | 4.383405388911367 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.eh_fram | 0x93c000 | 0x21d8 | 0x2200 | 6d37e58695bec13ca1a87591b9b94043 | False | 0.32479319852941174 | data | 4.846068798335782 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.bss | 0x93f000 | 0xb74 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x940000 | 0x42 | 0x200 | 7b15e9c86a98cd3550a29c5b3214fa28 | False | 0.12109375 | data | 0.6450512701297626 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.idata | 0x941000 | 0xa98 | 0xc00 | 34903145c76e6d6c3b2954f79af2d238 | False | 0.3821614583333333 | data | 4.8240568780640345 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.CRT | 0x942000 | 0x30 | 0x200 | 947565758601e59a9e2e145caaaaefe2 | False | 0.064453125 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x943000 | 0x8 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0x944000 | 0x43b88 | 0x43c00 | 92457c917b4c4060a4d4cbe6e09cab55 | False | 0.2149698743081181 | data | 6.8359964707289675 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
ADVAPI32.dll | CryptAcquireContextA, CryptGenRandom, CryptReleaseContext |
KERNEL32.dll | DeleteCriticalSection, EnterCriticalSection, FreeLibrary, GetLastError, GetModuleHandleA, GetModuleHandleW, GetProcAddress, GetStartupInfoA, GetTempPathA, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryA, MultiByteToWideChar, SetUnhandledExceptionFilter, Sleep, TlsGetValue, VirtualProtect, VirtualQuery, WideCharToMultiByte, lstrlenA |
msvcrt.dll | __getmainargs, __initenv, __mb_cur_max, __p__acmdln, __p__commode, __p__fmode, __set_app_type, __setusermatherr, _amsg_exit, _assert, _cexit, _errno, _chsize, _exit, _filelengthi64, _fileno, _initterm, _iob, _lock, _onexit, _unlock, abort, atoi, calloc, exit, fclose, fflush, fgetpos, fopen, fputc, fread, free, freopen, fsetpos, fwrite, getc, islower, isspace, isupper, isxdigit, localeconv, malloc, memcmp, memcpy, memmove, memset, mktime, localtime, difftime, _mkdir, perror, puts, realloc, remove, setlocale, signal, strchr, strcmp, strerror, strlen, strncmp, strncpy, strtol, strtoul, tolower, ungetc, vfprintf, time, wcslen, wcstombs, _stat, _write, _utime, _open, _fileno, _close, _chmod |
SHELL32.dll | ShellExecuteA |
Name | Ordinal | Address |
---|---|---|
main | 1 | 0x5ac130 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-29T00:53:24.312365+0200 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | 1 | 192.168.2.5 | 49725 | 84.38.182.221 | 80 | TCP |
2024-09-29T00:53:27.885702+0200 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | 1 | 192.168.2.5 | 49729 | 84.38.182.221 | 80 | TCP |
2024-09-29T00:53:32.795410+0200 | 2054350 | ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 | 1 | 192.168.2.5 | 49730 | 84.38.182.221 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 29, 2024 00:53:23.066454887 CEST | 49725 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:23.071548939 CEST | 80 | 49725 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:23.071707964 CEST | 49725 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:23.071950912 CEST | 49725 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:23.071950912 CEST | 49725 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:23.079853058 CEST | 80 | 49725 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:23.079859018 CEST | 80 | 49725 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:24.312220097 CEST | 80 | 49725 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:24.312227964 CEST | 80 | 49725 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:24.312236071 CEST | 80 | 49725 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:24.312263966 CEST | 80 | 49725 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:24.312365055 CEST | 49725 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:24.312365055 CEST | 49725 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:24.312365055 CEST | 49725 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:24.312422037 CEST | 49725 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:24.321295023 CEST | 80 | 49725 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.819293976 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.825685024 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.825778008 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.826510906 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.826611996 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.832854033 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.832932949 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.832932949 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.832937956 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.832942009 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.832945108 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.832948923 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.833009005 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.833113909 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.833195925 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.833200932 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.833276987 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.833313942 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.833317995 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.833398104 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.839122057 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.839127064 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.839143038 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.839147091 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.839184999 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.839189053 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.839237928 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.839272022 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.885416985 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.885701895 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.937380075 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.937475920 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:27.985462904 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:27.985549927 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:28.037440062 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:28.037652969 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:28.085417986 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:28.085778952 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:28.133440018 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:28.297214985 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:28.758789062 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:28.758862972 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:28.758956909 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:28.758956909 CEST | 49729 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:28.765208960 CEST | 80 | 49729 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.974780083 CEST | 49730 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:31.981530905 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.981626034 CEST | 49730 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:31.985862970 CEST | 49730 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:31.985862970 CEST | 49730 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:31.992109060 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.992120028 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.992130041 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.992182970 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.992230892 CEST | 49730 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:31.993839979 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.993850946 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.993860006 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.993870974 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.993947983 CEST | 49730 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:31.998394012 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.998404980 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.998421907 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.998430967 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.998567104 CEST | 49730 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:31.998924017 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.998934031 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:31.998997927 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:32.000137091 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:32.028407097 CEST | 49730 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:32.034764051 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:32.795248985 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:32.795409918 CEST | 49730 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:32.795454979 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Sep 29, 2024 00:53:32.795519114 CEST | 49730 | 80 | 192.168.2.5 | 84.38.182.221 |
Sep 29, 2024 00:53:32.801634073 CEST | 80 | 49730 | 84.38.182.221 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 29, 2024 00:53:22.649847984 CEST | 59566 | 53 | 192.168.2.5 | 1.1.1.1 |
Sep 29, 2024 00:53:23.060422897 CEST | 53 | 59566 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 29, 2024 00:53:22.649847984 CEST | 192.168.2.5 | 1.1.1.1 | 0xce3e | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 29, 2024 00:53:09.886145115 CEST | 1.1.1.1 | 192.168.2.5 | 0x5ec2 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Sep 29, 2024 00:53:09.886145115 CEST | 1.1.1.1 | 192.168.2.5 | 0x5ec2 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
Sep 29, 2024 00:53:23.060422897 CEST | 1.1.1.1 | 192.168.2.5 | 0xce3e | No error (0) | 84.38.182.221 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49725 | 84.38.182.221 | 80 | 2228 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 29, 2024 00:53:23.071950912 CEST | 332 | OUT | |
Sep 29, 2024 00:53:23.071950912 CEST | 411 | OUT | |
Sep 29, 2024 00:53:24.312220097 CEST | 209 | IN | |
Sep 29, 2024 00:53:24.312263966 CEST | 209 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49729 | 84.38.182.221 | 80 | 2228 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 29, 2024 00:53:27.826510906 CEST | 334 | OUT | |
Sep 29, 2024 00:53:27.826611996 CEST | 11124 | OUT | |
Sep 29, 2024 00:53:27.832932949 CEST | 1236 | OUT | |
Sep 29, 2024 00:53:27.833009005 CEST | 7416 | OUT | |
Sep 29, 2024 00:53:27.833113909 CEST | 4944 | OUT | |
Sep 29, 2024 00:53:27.833276987 CEST | 4944 | OUT | |
Sep 29, 2024 00:53:27.833398104 CEST | 4944 | OUT | |
Sep 29, 2024 00:53:27.839237928 CEST | 9888 | OUT | |
Sep 29, 2024 00:53:27.839272022 CEST | 4944 | OUT | |
Sep 29, 2024 00:53:27.885701895 CEST | 34608 | OUT | |
Sep 29, 2024 00:53:27.937475920 CEST | 1236 | OUT | |
Sep 29, 2024 00:53:28.758789062 CEST | 209 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49730 | 84.38.182.221 | 80 | 2228 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 29, 2024 00:53:31.985862970 CEST | 334 | OUT | |
Sep 29, 2024 00:53:31.985862970 CEST | 11124 | OUT | |
Sep 29, 2024 00:53:31.992230892 CEST | 8652 | OUT | |
Sep 29, 2024 00:53:31.993947983 CEST | 9888 | OUT | |
Sep 29, 2024 00:53:31.998567104 CEST | 359 | OUT | |
Sep 29, 2024 00:53:32.028407097 CEST | 1236 | OUT | |
Sep 29, 2024 00:53:32.795248985 CEST | 209 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 18:53:13 |
Start date: | 28/09/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf00000 |
File size: | 9'969'664 bytes |
MD5 hash: | 18E1D0F8B01CEAE85D5D7136C4CF751A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 18:54:15 |
Start date: | 28/09/2024 |
Path: | C:\Users\user\AppData\Local\Temp\service123.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcb0000 |
File size: | 314'617'856 bytes |
MD5 hash: | F48DE3A26F00253050481FA7F5CD3EC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 5 |
Start time: | 18:54:15 |
Start date: | 28/09/2024 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 187'904 bytes |
MD5 hash: | 48C2FE20575769DE916F48EF0676A965 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 18:54:15 |
Start date: | 28/09/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 18:54:18 |
Start date: | 28/09/2024 |
Path: | C:\Users\user\AppData\Local\Temp\service123.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcb0000 |
File size: | 314'617'856 bytes |
MD5 hash: | F48DE3A26F00253050481FA7F5CD3EC3 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 8 |
Start time: | 18:55:02 |
Start date: | 28/09/2024 |
Path: | C:\Users\user\AppData\Local\Temp\service123.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcb0000 |
File size: | 314'617'856 bytes |
MD5 hash: | F48DE3A26F00253050481FA7F5CD3EC3 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 61.1% |
Total number of Nodes: | 72 |
Total number of Limit Nodes: | 3 |
Graph
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB81E0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 116libraryloaderCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB8230 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 62libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C454230 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 32sleepsynchronizationclipboardCOMMON
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB1296 Relevance: 5.1, APIs: 4, Instructions: 80stringCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB13BB Relevance: 5.1, APIs: 4, Instructions: 66stringCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C39B1A0 Relevance: 1.4, APIs: 1, Instructions: 144COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C39B310 Relevance: 1.3, APIs: 1, Instructions: 95COMMON
Control-flow Graph
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C390FC0 Relevance: 22.6, APIs: 8, Strings: 4, Instructions: 1647stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C408280 Relevance: 17.7, Strings: 14, Instructions: 166COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38EE50 Relevance: 12.5, APIs: 8, Instructions: 494COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3AE490 Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 219stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3A0610 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 212stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3970C0 Relevance: 9.6, APIs: 6, Instructions: 649COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB3E20 Relevance: 5.4, Strings: 4, Instructions: 351COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3944F0 Relevance: 5.4, Strings: 4, Instructions: 351COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3A04F0 Relevance: 2.5, Strings: 2, Instructions: 42COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3AC2C0 Relevance: 2.5, Strings: 2, Instructions: 42COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3C4490 Relevance: 2.1, APIs: 1, Instructions: 873COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3C2A7E Relevance: 2.1, APIs: 1, Instructions: 811COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3C11BE Relevance: 2.1, APIs: 1, Instructions: 811COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3C1E40 Relevance: 2.0, APIs: 1, Instructions: 790COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3C0580 Relevance: 2.0, APIs: 1, Instructions: 789COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3AF510 Relevance: 2.0, APIs: 1, Instructions: 770stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3C77D0 Relevance: 1.9, APIs: 1, Instructions: 678COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3B2110 Relevance: 1.6, APIs: 1, Instructions: 357COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3DDA20 Relevance: 1.6, APIs: 1, Instructions: 328COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3D9910 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C39E8C0 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3A0010 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3CD99E Relevance: .8, Instructions: 838COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3D12C0 Relevance: .7, Instructions: 684COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3CFE10 Relevance: .7, Instructions: 683COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3D0870 Relevance: .7, Instructions: 674COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3CF3C0 Relevance: .7, Instructions: 671COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3A4203 Relevance: .5, Instructions: 465COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C383000 Relevance: .4, Instructions: 356COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C444E80 Relevance: .3, Instructions: 292COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3FAD20 Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C417100 Relevance: .2, Instructions: 200COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3FBF50 Relevance: .2, Instructions: 181COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3BB987 Relevance: .1, Instructions: 87COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3F93B0 Relevance: .1, Instructions: 84COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3AD050 Relevance: .1, Instructions: 83COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3F7AC0 Relevance: .1, Instructions: 81COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3BB98B Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C439900 Relevance: .1, Instructions: 74COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3FAC70 Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3FBAC0 Relevance: .1, Instructions: 67COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3FB280 Relevance: .1, Instructions: 58COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3FBDF0 Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C428250 Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3AD2B4 Relevance: .0, Instructions: 48COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C454110 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3D9F90 Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3AD424 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3AD5A4 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3AD724 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C39AF80 Relevance: .0, Instructions: 13COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C382290 Relevance: 42.4, APIs: 28, Instructions: 354COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38B7A0 Relevance: 42.2, APIs: 28, Instructions: 162COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3828FA Relevance: 42.1, APIs: 28, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C382A2F Relevance: 42.1, APIs: 28, Instructions: 82COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3829F0 Relevance: 42.1, APIs: 28, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3828BB Relevance: 42.1, APIs: 28, Instructions: 73COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C382A6E Relevance: 42.1, APIs: 28, Instructions: 71COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C382B13 Relevance: 42.1, APIs: 28, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3829B1 Relevance: 42.1, APIs: 28, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C382AAD Relevance: 42.1, APIs: 28, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38B930 Relevance: 40.6, APIs: 27, Instructions: 135COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38BFCC Relevance: 39.1, APIs: 26, Instructions: 63COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38BEE7 Relevance: 37.6, APIs: 25, Instructions: 83COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38BC1B Relevance: 37.6, APIs: 25, Instructions: 55COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38BE00 Relevance: 37.5, APIs: 25, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38BE70 Relevance: 37.5, APIs: 25, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38BDC7 Relevance: 37.5, APIs: 25, Instructions: 44COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38BE98 Relevance: 37.5, APIs: 25, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38BDE8 Relevance: 37.5, APIs: 25, Instructions: 42COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38C150 Relevance: 36.3, APIs: 24, Instructions: 284COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38C470 Relevance: 33.2, APIs: 22, Instructions: 152COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38D570 Relevance: 28.6, APIs: 19, Instructions: 116COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38D67C Relevance: 28.5, APIs: 19, Instructions: 32COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38D6C0 Relevance: 27.1, APIs: 18, Instructions: 138COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38D855 Relevance: 25.5, APIs: 17, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C39C0E0 Relevance: 24.6, APIs: 10, Strings: 4, Instructions: 130fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38D8A8 Relevance: 24.1, APIs: 16, Instructions: 52COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38DA90 Relevance: 22.6, APIs: 15, Instructions: 136COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38DCE0 Relevance: 21.1, APIs: 14, Instructions: 74COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38DD80 Relevance: 19.6, APIs: 13, Instructions: 77COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C390310 Relevance: 18.2, APIs: 12, Instructions: 165COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB1940 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 129fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38A690 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 129fileCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38E0A0 Relevance: 16.6, APIs: 11, Instructions: 98COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38E570 Relevance: 15.1, APIs: 10, Instructions: 145COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38E59B Relevance: 15.1, APIs: 10, Instructions: 89COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38E714 Relevance: 15.0, APIs: 10, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C399249 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 31libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3A7170 Relevance: 13.7, APIs: 6, Strings: 3, Instructions: 237stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38FEE0 Relevance: 13.7, APIs: 9, Instructions: 186synchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38E760 Relevance: 13.6, APIs: 9, Instructions: 67COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB14E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 43libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3813E0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 43libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3A74C0 Relevance: 12.2, APIs: 6, Strings: 2, Instructions: 211stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38E800 Relevance: 12.1, APIs: 8, Instructions: 89COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB1E70 Relevance: 12.1, APIs: 8, Instructions: 84COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3AB5C0 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 212stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38E8E0 Relevance: 10.7, APIs: 7, Instructions: 183COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38E340 Relevance: 10.6, APIs: 7, Instructions: 126synchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3901F0 Relevance: 10.6, APIs: 7, Instructions: 65COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB8120 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C399171 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 35libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38EA9B Relevance: 10.5, APIs: 7, Instructions: 21COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C424890 Relevance: 10.2, APIs: 8, Instructions: 158COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C420720 Relevance: 10.2, APIs: 8, Instructions: 150COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38EB70 Relevance: 9.2, APIs: 6, Instructions: 203COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C39AE10 Relevance: 9.1, APIs: 6, Instructions: 145COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C381020 Relevance: 9.1, APIs: 6, Instructions: 100sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3A1CB0 Relevance: 9.0, APIs: 6, Instructions: 50stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3A1A00 Relevance: 9.0, APIs: 6, Instructions: 49stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38ED31 Relevance: 9.0, APIs: 6, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C39DE80 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 130windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C389490 Relevance: 7.9, APIs: 4, Strings: 1, Instructions: 375stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3FD5C0 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 153stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3A7561 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 128stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38F840 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C4482D0 Relevance: 7.6, APIs: 5, Instructions: 64stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C399530 Relevance: 7.6, APIs: 5, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C390290 Relevance: 7.5, APIs: 5, Instructions: 32memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB80D8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C399128 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C399293 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38A340 Relevance: 6.3, APIs: 5, Instructions: 98stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C450D40 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 283stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3AE730 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 127stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3AE331 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 115stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB7C40 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C399660 Relevance: 6.1, APIs: 4, Instructions: 93COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38F511 Relevance: 6.1, APIs: 4, Instructions: 91COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38F6B0 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3855A8 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 64stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB1001 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C3F9D20 Relevance: 6.0, APIs: 4, Instructions: 30stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C415B60 Relevance: 5.4, APIs: 4, Instructions: 369stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C415380 Relevance: 5.4, APIs: 4, Instructions: 369stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C414B80 Relevance: 5.4, APIs: 4, Instructions: 352stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C414380 Relevance: 5.4, APIs: 4, Instructions: 352stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C39DFA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89stringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB6B60 Relevance: 5.1, APIs: 4, Instructions: 53sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C398080 Relevance: 5.1, APIs: 4, Instructions: 53sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00CB2000 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 6C38AB50 Relevance: 5.0, APIs: 4, Instructions: 39COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|