Windows Analysis Report
modest-menu.exe

Overview

General Information

Sample name: modest-menu.exe
Analysis ID: 1369399
MD5: ce03d8db32b901caba01fa8b1beefe54
SHA1: 76377cea7317bd28af0ccaab276bd49360936a9d
SHA256: a568e2a4d89ab76ab9ff11b30bf320dcc4413353660678c51abc79863ff3c1c4

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Entry point lies outside standard sections
PE file contains sections with non-standard names
Program does not show much activity (idle)

Classification

  • System is w10x64
  • modest-menu.exe (PID: 6504 cmdline: C:\Users\user\Desktop\modest-menu.exe MD5: CE03D8DB32B901CABA01FA8B1BEEFE54)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: modest-menu.exe | Virustotal: Detection: 28%
Source: modest-menu.exe | Joe Sandbox ML: detected
Source: Binary string: C:\dev\src\build-KaluaMod-MSVC2019_64bit-Release-with-Debug-Information\modest-menu.pdbgD'GCTL source: modest-menu.exe, 00000000.00000003.2014241419.0000012D24DA0000.00000004.00001000.00020000.00000000.sdmp, modest-menu.exe, 00000000.00000002.2067282056.00007FF73DD2B000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: modest-menu.exe, 00000000.00000002.2067361342.00007FF73DD72000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: modest-menu.exe, 00000000.00000002.2067361342.00007FF73DD72000.00000040.00000001.01000000.00000003.sdmp
Source: Binary string: F.pDb source: modest-menu.exe
Source: Binary string: C:\dev\src\build-KaluaMod-MSVC2019_64bit-Release-with-Debug-Information\modest-menu.pdb source: modest-menu.exe, 00000000.00000003.2014241419.0000012D24DA0000.00000004.00001000.00020000.00000000.sdmp, modest-menu.exe, 00000000.00000002.2067282056.00007FF73DD2B000.00000002.00000001.01000000.00000003.sdmp
Source: modest-menu.exe, 00000000.00000003.2014241419.0000012D24DA0000.00000004.00001000.00020000.00000000.sdmp, modest-menu.exe, 00000000.00000002.2067282056.00007FF73DD2B000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: http://unknowncheats.me~s~

System Summary

Source: modest-menu.exe | Static PE information: section name: (special characters, not rendered; reported for five sections)
Source: modest-menu.exe | Static PE information: Section (name not rendered): ZLIB complexity 0.9919249778928751
Source: modest-menu.exe | Static PE information: Section (name not rendered): ZLIB complexity 1.021484375
Source: modest-menu.exe | Static PE information: Section (name not rendered): ZLIB complexity 0.9923537234042553
Source: classification engine | Classification label: mal76.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\modest-menu.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: modest-menu.exe | Static PE information: Image base 0x140000000 > 0x60000000
Source: modest-menu.exe | Static file information: File size 17761792 > 1048576
Source: modest-menu.exe | Static PE information: Raw size of .boot is bigger than: 0x100000 < 0xfd6a00
Source: initial sample | Static PE information: section where entry point is pointing to: .boot
Source: modest-menu.exe | Static PE information: section name: .themida
Source: modest-menu.exe | Static PE information: section name: .boot
Source: initial sample | Static PE information: section name: (special characters, not rendered) entropy: 7.969802046320916

Boot Survival

Source: C:\Users\user\Desktop\modest-menu.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\modest-menu.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\modest-menu.exe | Window searched: window name: RegmonClass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\modest-menu.exe | System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\modest-menu.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\modest-menu.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\modest-menu.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\modest-menu.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\modest-menu.exe | System information queried: ModuleInformation
Source: C:\Users\user\Desktop\modest-menu.exe | Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\modest-menu.exe | Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\modest-menu.exe | Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\modest-menu.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\modest-menu.exe | Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\modest-menu.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\modest-menu.exe | Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\modest-menu.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\modest-menu.exe | Process queried: DebugPort
Source: C:\Users\user\Desktop\modest-menu.exe | Process queried: DebugObjectHandle
Source: C:\Users\user\Desktop\modest-menu.exe | Process queried: DebugPort
MITRE ATT&CK Matrix (one line per tactic column; numbers in parentheses are the counts shown in the report)

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Virtualization/Sandbox Evasion (32); Software Packing (2); Obfuscated Files or Information (1); Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Security Software Discovery (52); Virtualization/Sandbox Evasion (32); Process Discovery (1); System Information Discovery (2)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Command and Control: Data Obfuscation; Junk Data; Steganography; Protocol Impersonation
Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Source | Detection | Scanner | Label
modest-menu.exe | 13% | ReversingLabs |
modest-menu.exe | 29% | Virustotal |
modest-menu.exe | 100% | Joe Sandbox ML |
No Antivirus matches
Source | Detection | Scanner | Label
http://unknowncheats.me~s~ | 0% | Avira URL Cloud | safe
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://unknowncheats.me~s~ | modest-menu.exe, 00000000.00000003.2014241419.0000012D24DA0000.00000004.00001000.00020000.00000000.sdmp, modest-menu.exe, 00000000.00000002.2067282056.00007FF73DD2B000.00000002.00000001.01000000.00000003.sdmp | false | Avira URL Cloud: safe | low
No contacted IP infos
Joe Sandbox version: 38.0.0 Ammolite
Analysis ID: 1369399
Start date and time: 2024-01-03 17:42:13 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 2m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 2
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: modest-menu.exe
Detection: MAL
Classification: mal76.evad.winEXE@1/0@0/0
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Report size getting too big, too many NtReadVirtualMemory calls found.
No simulations
No context
No created / dropped files found
File type: PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit): 7.956431953168299
TrID:
  • Win64 Executable GUI (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: modest-menu.exe
File size: 17'761'792 bytes
MD5: ce03d8db32b901caba01fa8b1beefe54
SHA1: 76377cea7317bd28af0ccaab276bd49360936a9d
SHA256: a568e2a4d89ab76ab9ff11b30bf320dcc4413353660678c51abc79863ff3c1c4
SHA512: 40ef98ee1dd411d3f634f9fe1ccdac0bc8fa5d13b1392ac5d045bf130db6efc5ebae48298d02a732fe634af953af10c004d54c3a4d5862b7f9cd6736f6ddbfca
SSDEEP: 393216:YwOMvc42XGU57JO0OTOUbHvnqdLNZHgbATTT9:Yeh2Xb1Ra4LNibATv
TLSH: 2B073312879838BEE23F7BB075BAFC19429D87432B8F5F929D158D01CC92D2189E61D7
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)J..m+..m+..m+..dS[.y+...#..o+..xT5.l+..xT..g+..xT..i+..xT..p+..xT..k+..[...q+..[...l+...[..d+..m+...*..[...N+..[.7.l+..[...l+.
Icon Hash: 011123c78f1d1911
Entrypoint: 0x141a38058
Entrypoint Section: .boot
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x658EE64A [Fri Dec 29 15:31:22 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 1ac7a29b3a17ee0b14db3fb5f26573a0
Instruction
call 00007F43AD6EB4B7h
inc ecx
push edx
dec ecx
mov edx, esp
inc ecx
push edx
dec ecx
mov esi, dword ptr [edx+10h]
dec ecx
mov edi, dword ptr [edx+20h]
cld
mov dl, 80h
mov al, byte ptr [esi]
dec eax
inc esi
mov byte ptr [edi], al
dec eax
inc edi
mov ebx, 00000002h
add dl, dl
jne 00007F43AD6EB339h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
jnc 00007F43AD6EB316h
add dl, dl
jne 00007F43AD6EB339h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
jnc 00007F43AD6EB390h
xor eax, eax
add dl, dl
jne 00007F43AD6EB339h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
jnc 00007F43AD6EB438h
add dl, dl
jne 00007F43AD6EB339h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007F43AD6EB339h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007F43AD6EB339h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007F43AD6EB339h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
adc eax, eax
je 00007F43AD6EB33Bh
push edi
mov eax, eax
dec eax
sub edi, eax
mov al, byte ptr [edi]
pop edi
mov byte ptr [edi], al
dec eax
inc edi
mov ebx, 00000002h
jmp 00007F43AD6EB2BAh
mov eax, 00000001h
add dl, dl
jne 00007F43AD6EB339h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
adc eax, eax
add dl, dl
jne 00007F43AD6EB339h
mov dl, byte ptr [esi]
dec eax
inc esi
adc dl, dl
jc 00007F43AD6EB318h
sub eax, ebx
mov ebx, 00000001h
jne 00007F43AD6EB360h
mov ecx, 00000001h
Programming Language:
  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2282b2 | 0x280 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x229000 | 0x8972 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x19d3e8c | 0x384fc | .themida
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(not rendered) | 0x1000 | 0x1e9cdf | 0xf7600 | False | 0.9919249778928751 | data | 7.969802046320916 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
(not rendered) | 0x1eb000 | 0x2bdfe | 0x12c00 | False | 0.9445572916666667 | data | 7.902390442599979 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
(not rendered) | 0x217000 | 0x45d0 | 0x200 | False | 1.021484375 | data | 7.488643001514836 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(not rendered) | 0x21c000 | 0x8980 | 0x5e00 | False | 0.9923537234042553 | data | 7.933534401621618 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
(not rendered) | 0x225000 | 0x2004 | 0x600 | False | 0.8873697916666666 | data | 7.471715817215008 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.idata | 0x228000 | 0x1000 | 0x600 | False | 0.3151041666666667 | data | 3.659656838556225 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x229000 | 0x8a00 | 0x8a00 | False | 0.6445595561594203 | data | 6.180342895606675 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.themida | 0x232000 | 0x1806000 | 0x0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.boot | 0x1a38000 | 0xfd6a00 | 0xfd6a00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x229128 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | English | United States | 0.5460992907801419
RT_ICON | 0x2295a0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304, resolution 3779 x 3779 px/m | English | United States | 0.40614754098360656
RT_ICON | 0x229f38 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | English | United States | 0.324108818011257
RT_ICON | 0x22aff0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m | English | United States | 0.2446058091286307
RT_ICON | 0x22d5a8 | 0x436b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9896865403557564
RT_GROUP_ICON | 0x231924 | 0x4c | data | English | United States | 0.7763157894736842
DLL | Import
kernel32.dll | GetModuleHandleA
USER32.dll | GetAsyncKeyState
GDI32.dll | BitBlt
MSVCP140.dll | _Mtx_init_in_situ
VCRUNTIME140.dll | __current_exception_context
VCRUNTIME140_1.dll | __CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0.dll | _register_onexit_function
api-ms-win-crt-convert-l1-1-0.dll | strtod
api-ms-win-crt-stdio-l1-1-0.dll | feof
api-ms-win-crt-heap-l1-1-0.dll | calloc
api-ms-win-crt-filesystem-l1-1-0.dll | _lock_file
api-ms-win-crt-string-l1-1-0.dll | isspace
api-ms-win-crt-math-l1-1-0.dll | acosf
api-ms-win-crt-locale-l1-1-0.dll | ___lc_codepage_func
api-ms-win-crt-time-l1-1-0.dll | _time64
api-ms-win-crt-environment-l1-1-0.dll | getenv
ntdll.dll | RtlCaptureContext
Language of compilation system | Country where language is spoken
English | United States
No network behavior found

Target ID: 0
Start time: 17:42:59
Start date: 03/01/2024
Path: C:\Users\user\Desktop\modest-menu.exe
Wow64 process (32bit): false
Commandline: C:\Users\user\Desktop\modest-menu.exe
Imagebase: 0x7ff73db40000
File size: 17'761'792 bytes
MD5 hash: CE03D8DB32B901CABA01FA8B1BEEFE54
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

No disassembly