Edit tour

Windows Analysis Report
Zapytanie ofertowe (7427-23 ROCKFIN).exe

Overview

General Information

Sample name:	Zapytanie ofertowe (7427-23 ROCKFIN).exe
Analysis ID:	1430199
MD5:	1f1abb143c8b30fb865bc08257345941
SHA1:	05b50da690ba76f4aeae4acee59d1d6d2e66f6b2
SHA256:	517a4c4d84de92e88d51de7f864fbdff01b5b2a3e6e0930a291ada3787af9441
Tags:	exe
Infos:

Detection

AgentTesla, DarkTortilla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Yara detected AntiVM3

Yara detected DarkTortilla Crypter

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

Allocates memory in foreign processes

Contains functionality to log keystrokes (.Net Source)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to launch a process as a different user

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Outbound SMTP Connections

Uses SMTP (mail sending)

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Zapytanie ofertowe (7427-23 ROCKFIN).exe (PID: 6580 cmdline: "C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe" MD5: 1F1ABB143C8B30FB865BC08257345941)

InstallUtil.exe (PID: 7708 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://asec.ahnlab.com/ko/29133/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Name	Description	Attribution	Blogpost URLs	Link
DarkTortilla	DarkTortilla is a complex and highly configurable .NET-based crypter that has possibly been active since at least August 2015. It typically delivers popular information stealers and remote access trojans (RATs) such as AgentTesla, AsyncRat, NanoCore, and RedLine. While it appears to primarily deliver commodity malware, Secureworks Counter Threat Unit (CTU) researchers identified DarkTortilla samples delivering targeted payloads such as Cobalt Strike and Metasploit. It can also deliver "addon packages" such as additional malicious payloads, benign decoy documents, and executables. It features robust anti-analysis and anti-tamper controls that can make detection, analysis, and eradication challenging.From January 2021 through May 2022, an average of 93 unique DarkTortilla samples per week were uploaded to the VirusTotal analysis service. Code similarities suggest possible links between DarkTortilla and other malware: a crypter operated by the RATs Crew threat group, which was active between 2008 and 2012, and the Gameloader malware that emerged in 2021.	No Attribution	https://www.secureworks.com/research/darktortilla-malware-analysis	https://malpedia.caad.fkie.fraunhofer.de/details/win.darktortilla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.ionos.es", "Username": "eurospring@eurospring.es", "Password": "B-60595022bcn"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000005.00000002.2923460552.00000000033AE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000005.00000002.2923460552.00000000033D8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.2383310940.00000000032EF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
00000000.00000002.2396033362.0000000006C20000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
00000005.00000002.2908230870.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000005.00000002.2908230870.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.2389417010.000000000442B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2389417010.000000000442B000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.2389417010.000000000450F000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
00000005.00000002.2923460552.0000000003361000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000005.00000002.2923460552.0000000003361000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.2389417010.0000000004305000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2389417010.0000000004305000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Zapytanie ofertowe (7427-23 ROCKFIN).exe PID: 6580	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
Process Memory Space: Zapytanie ofertowe (7427-23 ROCKFIN).exe PID: 6580	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Zapytanie ofertowe (7427-23 ROCKFIN).exe PID: 6580	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Zapytanie ofertowe (7427-23 ROCKFIN).exe PID: 6580	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: InstallUtil.exe PID: 7708	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: InstallUtil.exe PID: 7708	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Click to see the 14 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.450fa20.4.unpack	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.450fa20.4.raw.unpack	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.6c20000.5.raw.unpack	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.6c20000.5.unpack	JoeSecurity_DarkTortilla	Yara detected DarkTortilla Crypter	Joe Security
5.2.InstallUtil.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
5.2.InstallUtil.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
5.2.InstallUtil.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33521:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33593:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3361d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x336af:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33719:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3378b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33821:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x338b1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x31721:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x31793:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3181d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x318af:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x31919:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3198b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x31a21:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x31ab1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x31721:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x31793:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3181d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x318af:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x31919:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3198b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x31a21:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x31ab1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x31721:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x31793:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3181d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x318af:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x31919:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3198b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x31a21:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x31ab1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x31721:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x31793:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3181d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x318af:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x31919:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3198b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x31a21:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x31ab1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33521:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x6dd41:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33593:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x6ddb3:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3361d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x6de3d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x336af:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x6decf:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33719:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x6df39:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3378b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x6dfab:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33821:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x6e041:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x338b1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548 0x6e0d1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33521:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x6dff1:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33593:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x6e063:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3361d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x6e0ed:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x336af:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x6e17f:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33719:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x6e1e9:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3378b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x6e25b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33821:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x6e2f1:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x338b1:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548 0x6e381:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33521:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x6dfdf:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0xa87ff:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33593:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x6e051:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0xa8871:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3361d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x6e0db:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0xa88fb:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x336af:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x6e16d:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0xa898d:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33719:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x6e1d7:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0xa89f7:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3378b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x6e249:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0xa8a69:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33821:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x6e2df:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0xa8aff:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x33521:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x6e001:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0xa8ad1:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33593:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x6e073:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0xa8b43:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x3361d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x6e0fd:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0xa8bcd:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x336af:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x6e18f:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0xa8c5f:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x33719:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x6e1f9:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0xa8cc9:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x3378b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x6e26b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0xa8d3b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x33821:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x6e301:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0xa8dd1:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
Click to see the 26 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Outbound SMTP Connections

Source: Network Connection

Author: frack113: Data: DestinationIp: 213.165.67.118, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Initiated: true, ProcessId: 7708, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49743

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe

Avira: detected

Found malware configuration

Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.ionos.es", "Username": "eurospring@eurospring.es", "Password": "B-60595022bcn"}

Multi AV Scanner detection for submitted file

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe	ReversingLabs: Detection: 26%
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe	Virustotal: Detection: 32%			Perma Link

Machine Learning detection for sample

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe

Joe Sandbox ML: detected

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: global traffic

TCP traffic: 192.168.2.4:49743 -> 213.165.67.118:587

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 213.165.67.118 213.165.67.118

Source: Joe Sandbox View

ASN Name: ONEANDONE-ASBrauerstrasse48DE ONEANDONE-ASBrauerstrasse48DE

Source: global traffic

TCP traffic: 192.168.2.4:49743 -> 213.165.67.118:587

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: www.google.com

Source: InstallUtil.exe, 00000005.00000002.2922499100.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2928291445.00000000064A2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2928291445.0000000006450000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2923460552.00000000033B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt0
Source: InstallUtil.exe, 00000005.00000002.2922499100.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2928291445.00000000064A2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2928291445.0000000006450000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2923460552.00000000033B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl0v
Source: InstallUtil.exe, 00000005.00000002.2922499100.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2928291445.00000000064A2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2923460552.00000000033B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0=
Source: InstallUtil.exe, 00000005.00000002.2922499100.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2928291445.00000000064A2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2923460552.00000000033B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0B
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2383310940.00000000032C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: InstallUtil.exe, 00000005.00000002.2923460552.00000000033B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://smtp.ionos.es
Source: InstallUtil.exe, 00000005.00000002.2922499100.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2928291445.00000000064A2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2928291445.0000000006450000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2923460552.00000000033B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://status.geotrust.com0
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: InstallUtil.exe, 00000005.00000002.2922499100.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2928291445.00000000064A2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2928291445.0000000006450000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2923460552.00000000033B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe	String found in binary or memory: http://www.google.com
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2383310940.00000000032C1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2389417010.000000000442B000.00000004.00000800.00020000.00000000.sdmp, Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2389417010.0000000004305000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2908230870.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://account.dyn.com/
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2383310940.00000000032EF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/other-hp
Source: InstallUtil.exe, 00000005.00000002.2922499100.00000000016EC000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2928291445.00000000064A2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2923460552.00000000033B6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, cPKWk.cs	.Net Code: LD9oNfi
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.raw.unpack, cPKWk.cs	.Net Code: LD9oNfi
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.raw.unpack, cPKWk.cs	.Net Code: LD9oNfi
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.raw.unpack, cPKWk.cs	.Net Code: LD9oNfi

System Summary

Malicious sample detected (through community Yara rule)

Source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

Code function: 0_2_08C5FBA8 CreateProcessAsUserW,

0_2_08C5FBA8

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_01914D00	0_2_01914D00
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_01916D58	0_2_01916D58
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_01917C38	0_2_01917C38
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_0191A7F0	0_2_0191A7F0
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_05DA79BC	0_2_05DA79BC
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_05DA17B0	0_2_05DA17B0
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_05DA17A3	0_2_05DA17A3
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_05DA10BD	0_2_05DA10BD
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_06D9480C	0_2_06D9480C
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_06D9161C	0_2_06D9161C
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_06D93410	0_2_06D93410
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_06D93400	0_2_06D93400
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_06D953B0	0_2_06D953B0
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_06EE8918	0_2_06EE8918
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_06EE88F8	0_2_06EE88F8
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08218938	0_2_08218938
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08212968	0_2_08212968
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08213C20	0_2_08213C20
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08238268	0_2_08238268
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_082325A0	0_2_082325A0
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08233B20	0_2_08233B20
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08233B11	0_2_08233B11
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_087AEED0	0_2_087AEED0
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_087A5E6D	0_2_087A5E6D
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_087A5EA0	0_2_087A5EA0
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C50C70	0_2_08C50C70
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C52C78	0_2_08C52C78
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C51D68	0_2_08C51D68
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C587D8	0_2_08C587D8
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C59F40	0_2_08C59F40
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C590F9	0_2_08C590F9
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C50040	0_2_08C50040
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C50C6F	0_2_08C50C6F
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C50006	0_2_08C50006
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C54D88	0_2_08C54D88
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C5DDA8	0_2_08C5DDA8
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C54D78	0_2_08C54D78
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C59108	0_2_08C59108
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C55E99	0_2_08C55E99
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C58A77	0_2_08C58A77
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C58A78	0_2_08C58A78
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C54A09	0_2_08C54A09
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C54FC0	0_2_08C54FC0
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C587C8	0_2_08C587C8
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C553E1	0_2_08C553E1
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C5C7E0	0_2_08C5C7E0
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C553F0	0_2_08C553F0
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C52B80	0_2_08C52B80
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C51398	0_2_08C51398
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C54FB0	0_2_08C54FB0
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C59770	0_2_08C59770
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C55F0D	0_2_08C55F0D
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C54709	0_2_08C54709
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08C53B18	0_2_08C53B18
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_08218929	0_2_08218929
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_01699BF2	5_2_01699BF2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_01694A98	5_2_01694A98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_0169CDC0	5_2_0169CDC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_01693E80	5_2_01693E80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_016941C8	5_2_016941C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_065756E0	5_2_065756E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_06573F58	5_2_06573F58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_0657BCF8	5_2_0657BCF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_0657DCB5	5_2_0657DCB5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_06572AF8	5_2_06572AF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_06578B87	5_2_06578B87
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_06570040	5_2_06570040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_06573247	5_2_06573247
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_06575000	5_2_06575000

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000000.1654187983.000000000025A000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamecali crypted.exe@ vs Zapytanie ofertowe (7427-23 ROCKFIN).exe
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2389417010.000000000442B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameae2483b3-f78c-4d8c-9f6c-5ea2aebc8f8f.exe4 vs Zapytanie ofertowe (7427-23 ROCKFIN).exe
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2398343896.0000000008800000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameRP8SH.dll, vs Zapytanie ofertowe (7427-23 ROCKFIN).exe
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2396033362.0000000006C20000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMiPro.dll, vs Zapytanie ofertowe (7427-23 ROCKFIN).exe
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2389417010.0000000004305000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameae2483b3-f78c-4d8c-9f6c-5ea2aebc8f8f.exe4 vs Zapytanie ofertowe (7427-23 ROCKFIN).exe
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2382670548.000000000150E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Zapytanie ofertowe (7427-23 ROCKFIN).exe
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2389417010.000000000450F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMiPro.dll, vs Zapytanie ofertowe (7427-23 ROCKFIN).exe
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe	Binary or memory string: OriginalFilenamecali crypted.exe@ vs Zapytanie ofertowe (7427-23 ROCKFIN).exe

Source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers

Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, cPs8D.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, 72CF8egH.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, G5CXsdn.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, 3uPsILA6U.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, 6oQOw74dfIt.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, aMIWm.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, 3QjbQ514BDx.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, 3QjbQ514BDx.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/1@2/2

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Zapytanie ofertowe (7427-23 ROCKFIN).exe.log

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Mutant created: NULL

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe	ReversingLabs: Detection: 26%
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe	Virustotal: Detection: 32%

Source: unknown	Process created: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe "C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe"
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles

Jump to behavior

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

Yara detected DarkTortilla Crypter

Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.450fa20.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.450fa20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.6c20000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.6c20000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2383310940.00000000032EF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2396033362.0000000006C20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2389417010.000000000450F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Zapytanie ofertowe (7427-23 ROCKFIN).exe PID: 6580, type: MEMORYSTR

.NET source code contains method to dynamically call methods (often used by packers)

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, j7.cs

.Net Code: NewLateBinding.LateCall(objectValue3, (Type)null, "Invoke", new object[2]{null,new object[0]}, (string[])null, (Type[])null, (bool[])null, true)

.NET source code contains potential unpacker

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, j7.cs

.Net Code: t2K System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_019162C8 push esp; ret	0_2_019162D1
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_06D9D758 push es; ret	0_2_06D9D770
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_06D99092 push dword ptr [ecx+ecx-75h]; iretd	0_2_06D9909A
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_06EE7A68 pushfd ; ret	0_2_06EE7A75
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Code function: 0_2_087AF8EC push eax; iretd	0_2_087AF8ED
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 5_2_01699B40 push esp; retf 019Dh	5_2_01699BF1

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, Hc2.cs

High entropy of concatenated method names: 'Pp1', 'Km9', 'g8X', 'Zc0', 'Ms9', 'y4T', 'Kc5', 'Ne8', 'k2J', 'Ey9'

Hooking and other Techniques for Hiding and Protection

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

File opened: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe\:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: Zapytanie ofertowe (7427-23 ROCKFIN).exe PID: 6580, type: MEMORYSTR

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory allocated: 1910000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory allocated: 32C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory allocated: 1950000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory allocated: 9000000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory allocated: A000000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory allocated: A1F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory allocated: B1F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory allocated: B5D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory allocated: C5D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory allocated: D5D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 1650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 3360000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 31A0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Window / User API: threadDelayed 1605	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Window / User API: threadDelayed 8246	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 4484	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 995	Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe TID: 7252	Thread sleep time: -37815825351104557s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe TID: 7252	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -14757395258967632s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8012	Thread sleep count: 4484 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -99891s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8012	Thread sleep count: 995 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -99781s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -99672s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -99562s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -99453s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -99343s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -99234s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -99125s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -99016s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -98891s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -98781s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -98672s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -98562s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -98452s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -98344s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -98234s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -98124s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -98016s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -97891s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -97766s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -97656s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -97547s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -97438s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -97313s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -97188s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -97078s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8004	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 99891	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 99781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 99672	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 99562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 99453	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 99343	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 99234	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 99125	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 99016	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 98891	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 98781	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 98672	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 98562	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 98452	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 98344	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 98234	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 98124	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 98016	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 97891	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 97766	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 97656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 97547	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 97438	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 97313	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 97188	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 97078	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2396033362.0000000006C20000.00000004.08000000.00040000.00000000.sdmp, Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2389417010.000000000450F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VBoxTray
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2389417010.000000000450F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: sandboxierpcssGSOFTWARE\VMware, Inc.\VMware VGAuth
Source: Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2382776548.0000000001599000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2928291445.0000000006450000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 1029008	Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"

Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.2923460552.00000000033AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2923460552.00000000033D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2908230870.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2389417010.000000000442B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2923460552.0000000003361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2389417010.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Zapytanie ofertowe (7427-23 ROCKFIN).exe PID: 6580, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 7708, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File opened: C:\FTP Navigator\Ftplist.txt

Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Source: Yara match	File source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.2908230870.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2389417010.000000000442B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2923460552.0000000003361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2389417010.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Zapytanie ofertowe (7427-23 ROCKFIN).exe PID: 6580, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 7708, type: MEMORYSTR

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: 5.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4465e10.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.437b302.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.442b352.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Zapytanie ofertowe (7427-23 ROCKFIN).exe.4340822.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000002.2923460552.00000000033AE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2923460552.00000000033D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2908230870.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2389417010.000000000442B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2923460552.0000000003361000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2389417010.0000000004305000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Zapytanie ofertowe (7427-23 ROCKFIN).exe PID: 6580, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 7708, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Valid Accounts	121 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	1 File and Directory Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Valid Accounts	1 Valid Accounts	1 Deobfuscate/Decode Files or Information	1 Input Capture	24 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Access Token Manipulation	1 Obfuscated Files or Information	1 Credentials in Registry	111 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	311 Process Injection	2 Software Packing	NTDS	1 Process Discovery	Distributed Component Object Model	1 Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	141 Virtualization/Sandbox Evasion	SSH	Keylogging	12 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Valid Accounts	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	141 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	311 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Hidden Files and Directories	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Zapytanie ofertowe (7427-23 ROCKFIN).exe	26%	ReversingLabs	ByteCode-MSIL.Trojan.CrypterX
Zapytanie ofertowe (7427-23 ROCKFIN).exe	32%	Virustotal		Browse
Zapytanie ofertowe (7427-23 ROCKFIN).exe	100%	Avira	HEUR/AGEN.1306374
Zapytanie ofertowe (7427-23 ROCKFIN).exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
smtp.ionos.es	2%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://csp.withgoogle.com/csp/gws/other-hp	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	Avira URL Cloud	safe
http://smtp.ionos.es	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/cThe	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cn	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/cThe	0%	Virustotal		Browse
http://www.zhongyicts.com.cn	1%	Virustotal		Browse
http://smtp.ionos.es	2%	Virustotal		Browse
http://www.founder.com.cn/cn	0%	Virustotal		Browse
http://www.founder.com.cn/cn/bThe	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	74.125.136.99	true	false		high
smtp.ionos.es	213.165.67.118	true	true	2%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.google.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersG	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/?	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://account.dyn.com/	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2389417010.000000000442B000.00000004.00000800.00020000.00000000.sdmp, Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2389417010.0000000004305000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.2908230870.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers?	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false		high
https://csp.withgoogle.com/csp/gws/other-hp	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2383310940.00000000032EF000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.tiro.com	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://smtp.ionos.es	InstallUtil.exe, 00000005.00000002.2923460552.00000000033B6000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.typography.netD	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/cThe	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.google.com	Zapytanie ofertowe (7427-23 ROCKFIN).exe	false		high
http://www.fonts.com	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2383310940.00000000032C1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sakkal.com	Zapytanie ofertowe (7427-23 ROCKFIN).exe, 00000000.00000002.2397169268.0000000008282000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
74.125.136.99	www.google.com	United States		15169	GOOGLEUS	false
213.165.67.118	smtp.ionos.es	Germany		8560	ONEANDONE-ASBrauerstrasse48DE	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430199
Start date and time:	2024-04-23 09:50:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Zapytanie ofertowe (7427-23 ROCKFIN).exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/1@2/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 94% Number of executed functions: 184 Number of non-executed functions: 36
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:51:05	API Interceptor	205x Sleep call for process: Zapytanie ofertowe (7427-23 ROCKFIN).exe modified
09:52:09	API Interceptor	27x Sleep call for process: InstallUtil.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
213.165.67.118	Tepanec.vbe	Get hash	malicious	AgentTesla, GuLoader	Browse
	9oDrWfhX1I.exe	Get hash	malicious	AgentTesla	Browse
	cloud.exe	Get hash	malicious	AgentTesla	Browse
	MAP - 0013_1664926093267.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse
	Molex Parts Table 14-03-2024.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse
	rgbxxxxxxxxxxxxxx.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse
	ENGINE PARTS -KTK (1).vbs	Get hash	malicious	AgentTesla, GuLoader	Browse
	01K80A_40ML5.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse
	2cc7pu1yUl.exe	Get hash	malicious	AgentTesla	Browse
	FIYAT.bat.exe	Get hash	malicious	AgentTesla	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
smtp.ionos.es	Tepanec.vbe	Get hash	malicious	AgentTesla, GuLoader	Browse	213.165.67.118
	9oDrWfhX1I.exe	Get hash	malicious	AgentTesla	Browse	213.165.67.118
	cloud.exe	Get hash	malicious	AgentTesla	Browse	213.165.67.118
	MAP - 0013_1664926093267.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	213.165.67.118
	SecuriteInfo.com.W32.MSIL_Kryptik.DSR.gen.Eldorado.16905.957.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	213.165.67.102
	Molex Parts Table 14-03-2024.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	213.165.67.118
	rgbxxxxxxxxxxxxxx.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	213.165.67.118
	ENGINE PARTS -KTK (1).vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	213.165.67.118
	01K80A_40ML5.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	213.165.67.118
	Quotation-ZX6350ZA Drilling Cum Milling Machine.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	213.165.67.102

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ONEANDONE-ASBrauerstrasse48DE	INQ No.KP-50-000-PS-IN-INQ-0027.exe	Get hash	malicious	FormBook	Browse	217.76.128.34
	https://lamerelea.com/	Get hash	malicious	Unknown	Browse	217.160.0.59
	Gq7FlDf6cE.elf	Get hash	malicious	Mirai	Browse	217.174.247.147
	Signed Proforma Invoice 3645479_pdf.vbs	Get hash	malicious	FormBook	Browse	217.160.0.95
	https://recouvrement-assurance.fr/LKeZL	Get hash	malicious	Unknown	Browse	82.165.105.163
	https://recouvrement-assurance.fr/LKeZL	Get hash	malicious	Unknown	Browse	82.165.105.163
	Tepanec.vbe	Get hash	malicious	AgentTesla, GuLoader	Browse	213.165.67.118
	1704202412475.EXE.exe	Get hash	malicious	FormBook, GuLoader	Browse	217.160.0.183
	16042024124528724.exe	Get hash	malicious	FormBook, GuLoader	Browse	217.160.0.183
	HYCO_Invoices MS2 & MS3.exe	Get hash	malicious	FormBook	Browse	217.76.128.34

Process:	C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4x84qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHxviYHKh3oPtHo6hAHKzea
MD5:	7B709BC412BEC5C3CFD861C041DAD408
SHA1:	532EA6BB3018AE3B51E7A5788F614A6C49252BCF
SHA-256:	733765A1599E02C53826A4AE984426862AA714D8B67F889607153888D40BBD75
SHA-512:	B35CFE36A1A40123FDC8A5E7C804096FF33F070F40CBA5812B98F46857F30BA2CE6F86E1B5D20F9B6D00D6A8194B8FA36C27A0208C7886512877058872277963
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	6.308187117246971
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	Zapytanie ofertowe (7427-23 ROCKFIN).exe
File size:	880'128 bytes
MD5:	1f1abb143c8b30fb865bc08257345941
SHA1:	05b50da690ba76f4aeae4acee59d1d6d2e66f6b2
SHA256:	517a4c4d84de92e88d51de7f864fbdff01b5b2a3e6e0930a291ada3787af9441
SHA512:	78729beb5f01c262d11dc87911d70250ba45e5e32f9b86d28b26e300830546d86cb9ae6c259fbb65ddd77d2ccbdfbbac4d9d6053b567df4fd4e47d33fc588d68
SSDEEP:	12288:DXc87X+bXPXST4Fof1XUhe8IbxEnZLPvwinr9TGWDmK7:DXcH/X4y99ZLPY89T9DmK7
TLSH:	CC157DEB07A6B905FABF2BB55766D280977458C33D81D54C40838385AB3B2C2FE941E7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u.Dd.........."...P..f............... ........@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4d84ce
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6444DC75 [Sun Apr 23 07:21:25 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xd847c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xda000	0x3dc	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xdc000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xd64d4	0xd6600	736d6f5330da47361502aea96e011cc7	False	0.5424779063411078	data	6.314561669335003	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xda000	0x3dc	0x400	e67a99bcf3dab65653ed4f422024c071	False	0.4189453125	data	3.364600830660999	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xdc000	0xc	0x200	c2178002fe33ca701b5343f3544e9b7e	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xda058	0x384	data			0.44

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 09:50:56.819644928 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:56.924561024 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:56.924643040 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:56.925709009 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.030479908 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.091916084 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.091959000 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.091983080 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.092003107 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.092022896 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.092042923 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.092067003 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.092118025 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.092149019 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.092154980 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.092180967 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.092192888 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.092236042 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.197135925 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.197191000 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.197385073 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.200680971 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.200720072 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.200772047 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.208055019 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.208095074 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.208143950 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.215415955 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.215454102 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.215502024 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.222712040 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.222748995 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.222798109 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.230000973 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.230038881 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.230082035 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.237405062 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.237442970 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.237488031 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.244671106 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.244710922 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.244765043 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.252058029 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.252095938 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.252145052 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.259419918 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.259457111 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.259506941 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.302422047 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.302460909 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.302664995 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.305915117 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.305952072 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.305999041 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.313263893 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.313301086 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.313354015 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.320561886 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.320599079 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.320647955 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.327902079 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.327939034 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.327982903 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.335280895 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.335319996 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.335371971 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.342643976 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.342684984 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.342732906 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:50:57.349924088 CEST	80	49730	74.125.136.99	192.168.2.4
Apr 23, 2024 09:50:57.389933109 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:52:09.329361916 CEST	49730	80	192.168.2.4	74.125.136.99
Apr 23, 2024 09:52:10.529087067 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:10.740870953 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:10.741085052 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:10.954797029 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:10.962194920 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:11.173938990 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:11.173980951 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:11.178189993 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:11.390005112 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:11.396984100 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:11.610701084 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:11.610745907 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:11.610785007 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:11.610830069 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:11.612586021 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:11.824475050 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:11.842653036 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:12.054497004 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:12.055847883 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:12.267606020 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:12.267925024 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:12.510812044 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:12.511097908 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:12.725045919 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:12.725267887 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:12.944572926 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:12.948524952 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:13.160267115 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:13.160979986 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:13.160979986 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:13.160979986 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:13.161011934 CEST	49743	587	192.168.2.4	213.165.67.118
Apr 23, 2024 09:52:13.372620106 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:13.372668028 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:13.381689072 CEST	587	49743	213.165.67.118	192.168.2.4
Apr 23, 2024 09:52:13.436820984 CEST	49743	587	192.168.2.4	213.165.67.118

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 09:50:56.705332041 CEST	65040	53	192.168.2.4	1.1.1.1
Apr 23, 2024 09:50:56.810250998 CEST	53	65040	1.1.1.1	192.168.2.4
Apr 23, 2024 09:52:10.395751953 CEST	52185	53	192.168.2.4	1.1.1.1
Apr 23, 2024 09:52:10.521214008 CEST	53	52185	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2024 09:50:56.705332041 CEST	192.168.2.4	1.1.1.1	0x7283	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 23, 2024 09:52:10.395751953 CEST	192.168.2.4	1.1.1.1	0xddaa	Standard query (0)	smtp.ionos.es	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 23, 2024 09:50:56.810250998 CEST	1.1.1.1	192.168.2.4	0x7283	No error (0)	www.google.com	74.125.136.99	A (IP address)	IN (0x0001)	false
Apr 23, 2024 09:50:56.810250998 CEST	1.1.1.1	192.168.2.4	0x7283	No error (0)	www.google.com	74.125.136.103	A (IP address)	IN (0x0001)	false
Apr 23, 2024 09:50:56.810250998 CEST	1.1.1.1	192.168.2.4	0x7283	No error (0)	www.google.com	74.125.136.104	A (IP address)	IN (0x0001)	false
Apr 23, 2024 09:50:56.810250998 CEST	1.1.1.1	192.168.2.4	0x7283	No error (0)	www.google.com	74.125.136.147	A (IP address)	IN (0x0001)	false
Apr 23, 2024 09:50:56.810250998 CEST	1.1.1.1	192.168.2.4	0x7283	No error (0)	www.google.com	74.125.136.105	A (IP address)	IN (0x0001)	false
Apr 23, 2024 09:50:56.810250998 CEST	1.1.1.1	192.168.2.4	0x7283	No error (0)	www.google.com	74.125.136.106	A (IP address)	IN (0x0001)	false
Apr 23, 2024 09:52:10.521214008 CEST	1.1.1.1	192.168.2.4	0xddaa	No error (0)	smtp.ionos.es	213.165.67.118	A (IP address)	IN (0x0001)	false
Apr 23, 2024 09:52:10.521214008 CEST	1.1.1.1	192.168.2.4	0xddaa	No error (0)	smtp.ionos.es	213.165.67.102	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	74.125.136.99	80	6580	C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe

Timestamp	Bytes transferred	Direction	Data
Apr 23, 2024 09:50:56.925709009 CEST	64	OUT	GET / HTTP/1.1 Host: www.google.com Connection: Keep-Alive
Apr 23, 2024 09:50:57.091916084 CEST	1289	IN	HTTP/1.1 200 OK Date: Tue, 23 Apr 2024 07:50:57 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=ISO-8859-1 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-MsjtI-ZVdL4AUpnEM-xirA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: AEC=AQTF6Hzb9BhGXXbyWi-U4RroibJjmxwpnVY4IQpNq4oOQOjBjdo6sbRqpg; expires=Sun, 20-Oct-2024 07:50:57 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=513=jUI75zibpJm5tBNXN5f7Ej0J7nDEqN6G6smA9YLyymq7MJzDsIG0-QnKWRu5Yr-JaV9S7T_TUTrc_IF1kt44QM_LMu0XHcLHDvwzPfn4ebUaoP4oX7Z3yFr9icASggWFbT_baIj2_KWxxT53MS6KtSy-6UJMTiJ40MViYBlQ0s0; expires=Wed, 23-Oct-2024 07:50:56 GMT; path=/; domain=.google.com; HttpOnly Accept-Ranges: none Vary: Accept-Encoding Transfer-Encoding: chunked Data Raw: 33 39 31 36 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 53 65 61 72 63 68 20 74 68 65 20 77 6f 72 6c 64 27 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2c 20 69 6e 63 6c 75 64 69 6e 67 20 77 65 62 70 61 67 65 73 2c 20 69 6d 61 67 65 73 2c 20 76 69 64 65 6f 73 20 61 6e 64 20 6d 6f 72 65 2e 20 47 6f 6f 67 6c 65 20 68 61 73 20 6d 61 6e 79 20 73 70 65 63 69 61 6c 20 66 65 61 74 75 72 65 73 20 74 6f 20 68 65 6c 70 20 79 6f 75 20 66 69 6e 64 20 65 78 61 63 74 6c 79 20 77 68 61 Data Ascii: 3916<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta content="Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly wha
Apr 23, 2024 09:50:57.091959000 CEST	1289	IN	Data Raw: 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 6f 64 70 2c 20 22 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 3e 3c 6d Data Ascii: t you're looking for." name="description"><meta content="noodp, " name="robots"><meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><t
Apr 23, 2024 09:50:57.091983080 CEST	1289	IN	Data Raw: 30 32 2c 37 2c 35 36 32 2c 34 2c 31 32 36 2c 35 34 2c 32 2c 32 32 32 2c 38 32 39 2c 32 2c 36 39 32 2c 31 34 36 2c 39 33 31 2c 37 30 35 2c 34 31 32 2c 32 39 35 2c 35 39 33 2c 36 38 36 2c 36 36 30 2c 34 36 33 2c 34 34 37 2c 32 2c 31 2c 31 34 2c 31 Data Ascii: 02,7,562,4,126,54,2,222,829,2,692,146,931,705,412,295,593,686,660,463,447,2,1,14,1,1581,432,278,5,97,474,2,4,389,45,5,1156,1419,540,24,5,223,2,1099,1076,1698,758,213,180,8,1,885,2,440,1090,78,1067,1,388,1,13,125,298,220,246,1,161,1,3,52,427,25
Apr 23, 2024 09:50:57.092003107 CEST	1289	IN	Data Raw: 20 65 3d 22 22 3b 2d 31 3d 3d 3d 62 2e 73 65 61 72 63 68 28 22 26 65 69 3d 22 29 26 26 28 65 3d 22 26 65 69 3d 22 2b 70 28 64 29 2c 2d 31 3d 3d 3d 62 2e 73 65 61 72 63 68 28 22 26 6c 65 69 3d 22 29 26 26 28 64 3d 71 28 64 29 29 26 26 28 65 2b 3d Data Ascii: e="";-1===b.search("&ei=")&&(e="&ei="+p(d),-1===b.search("&lei=")&&(d=q(d))&&(e+="&lei="+d));d="";var g=-1===b.search("&cshid=")&&"slh"!==a,f=[];f.push(["zx",Date.now().toString()]);h._cshid&&g&&f.push(["cshid",h._cshid]);c=c();null!=c&&f.pus
Apr 23, 2024 09:50:57.092022896 CEST	1289	IN	Data Raw: 6e 74 4c 69 73 74 65 6e 65 72 28 22 73 75 62 6d 69 74 22 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 76 61 72 20 61 3b 69 66 28 61 3d 62 2e 74 61 72 67 65 74 29 7b 76 61 72 20 63 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 73 75 Data Ascii: ntListener("submit",function(b){var a;if(a=b.target){var c=a.getAttribute("data-submitfalse");a="1"===c\|\|"q"===c&&!a.elements.q.value?!0:!1}else a=!1;a&&(b.preventDefault(),b.stopPropagation())},!0);document.documentElement.addEventListener("c
Apr 23, 2024 09:50:57.092042923 CEST	1289	IN	Data Raw: 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 69 6c 74 65 72 3a 61 6c 70 68 61 28 6f 70 61 63 69 74 79 3d 30 29 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 3b Data Ascii: !important;filter:alpha(opacity=0) !important}.gbm{position:absolute;z-index:999;top:-999px;visibility:hidden;text-align:left;border:1px solid #bebebe;background:#fff;-moz-box-shadow:-1px 1px 1px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rg
Apr 23, 2024 09:50:57.092067003 CEST	1289	IN	Data Raw: 6d 6f 7a 2d 69 6e 6c 69 6e 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 7d Data Ascii: moz-inline-box;display:inline-block;line-height:27px;padding:0;vertical-align:top}.gbt{*display:inline}.gbto{box-shadow:0 2px 4px rgba(0,0,0,.2);-moz-box-shadow:0 2px 4px rgba(0,0,0,.2);-webkit-box-shadow:0 2px 4px rgba(0,0,0,.2)}.gbzt,.gbgt{c
Apr 23, 2024 09:50:57.092118025 CEST	1289	IN	Data Raw: 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 70 64 6a 73 20 2e 67 62 74 6f 20 2e 67 62 6d 7b 6d 69 6e 2d 77 69 64 74 68 3a 39 39 25 7d 2e 67 62 Data Ascii: ;outline:none;text-decoration:none !important}.gbpdjs .gbto .gbm{min-width:99%}.gbz0l .gbtb2{border-top-color:#dd4b39!important}#gbi4s,#gbi4s1{font-weight:bold}#gbg6.gbgt-hvr,#gbg6.gbgt:focus{background-color:transparent;background-image:none}
Apr 23, 2024 09:50:57.092154980 CEST	1289	IN	Data Raw: 39 30 30 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 67 62 6d 74 2c 2e 67 62 6d 6c 31 2c 2e 67 62 6d 6c 62 2c 2e 67 62 6d 74 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 31 3a 76 69 73 69 74 65 64 2c 2e 67 62 6d 6c 62 3a 76 69 73 69 74 65 64 7b 63 6f 6c Data Ascii: 900 !important}.gbmt,.gbml1,.gbmlb,.gbmt:visited,.gbml1:visited,.gbmlb:visited{color:#36c !important;text-decoration:none !important}.gbmt,.gbmt:visited{display:block}.gbml1,.gbmlb,.gbml1:visited,.gbmlb:visited{display:inline-block;margin:0 10
Apr 23, 2024 09:50:57.092192888 CEST	1289	IN	Data Raw: 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 37 70 78 7d 2e 47 42 4d 43 43 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 61 66 74 65 72 2c 23 47 42 4d 50 41 4c 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 61 66 Data Ascii: {padding:0;margin:0;line-height:27px}.GBMCC:last-child:after,#GBMPAL:last-child:after{content:'\0A\0A';white-space:pre;position:absolute}#gbmps{*zoom:1}#gbd4 .gbpc,#gbmpas .gbmt{line-height:17px}#gbd4 .gbpgs .gbmtc{line-height:27px}#gbd4 .gbmt
Apr 23, 2024 09:50:57.197135925 CEST	1289	IN	Data Raw: 6c 62 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 72 69 67 68 74 7d 23 67 62 6d 70 61 73 62 20 2e 67 62 70 73 7b 63 6f 6c 6f 72 3a 23 30 30 30 7d 23 67 62 6d 70 61 6c 20 2e 67 62 71 66 62 62 7b 6d 61 72 67 Data Ascii: lb{padding-right:0;text-align:right}#gbmpasb .gbps{color:#000}#gbmpal .gbqfbb{margin:0 20px}.gbp0 .gbps{*display:inline}a.gbiba{margin:8px 20px 10px}.gbmpiaw{display:inline-block;padding-right:10px;margin-bottom:6px;margin-top:10px}.gbxv{visib

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Apr 23, 2024 09:52:10.954797029 CEST	587	49743	213.165.67.118	192.168.2.4	220 kundenserver.de (mreue108) Nemesis ESMTP Service ready
Apr 23, 2024 09:52:10.962194920 CEST	49743	587	192.168.2.4	213.165.67.118	EHLO 347688
Apr 23, 2024 09:52:11.173980951 CEST	587	49743	213.165.67.118	192.168.2.4	250-kundenserver.de Hello 347688 [89.187.171.132] 250-8BITMIME 250-SIZE 140000000 250 STARTTLS
Apr 23, 2024 09:52:11.178189993 CEST	49743	587	192.168.2.4	213.165.67.118	STARTTLS
Apr 23, 2024 09:52:11.390005112 CEST	587	49743	213.165.67.118	192.168.2.4	220 OK

Target ID:	0
Start time:	09:50:55
Start date:	23/04/2024
Path:	C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Zapytanie ofertowe (7427-23 ROCKFIN).exe"
Imagebase:	0x180000
File size:	880'128 bytes
MD5 hash:	1F1ABB143C8B30FB865BC08257345941
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2383310940.00000000032EF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2396033362.0000000006C20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2389417010.000000000442B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2389417010.000000000442B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkTortilla, Description: Yara detected DarkTortilla Crypter, Source: 00000000.00000002.2389417010.000000000450F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2389417010.0000000004305000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2389417010.0000000004305000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	09:51:35
Start date:	23/04/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0xeb0000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2923460552.00000000033AE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2923460552.00000000033D8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2908230870.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2908230870.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.2923460552.0000000003361000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.2923460552.0000000003361000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	15.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	10.3%
Total number of Nodes:	223
Total number of Limit Nodes:	9

Executed Functions

Function 01917C38 Relevance: 12.2, Strings: 9, Instructions: 979COMMON

Download Yara Rule

Strings

(okq, xrefs: 01918201
(okq, xrefs: 019182B1
(okq, xrefs: 01917D1E
(okq, xrefs: 019181F1
(okq, xrefs: 01917EA2
,oq, xrefs: 01918182
,oq, xrefs: 01918192
(okq, xrefs: 01917DD9
(okq, xrefs: 01917E05

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: (okq$(okq$(okq$(okq$(okq$(okq$(okq$,oq$,oq
API String ID: 0-2115511855
Opcode ID: 5152c32846960320c52d00e0fe8136480afbe83ee0dab70fae62d988dfba89e6
Instruction ID: b26b71f418ca420b0c5d0e36800badc0e24b1ea6ab52daa5cad58c2cc43c2d07
Opcode Fuzzy Hash: 5152c32846960320c52d00e0fe8136480afbe83ee0dab70fae62d988dfba89e6
Instruction Fuzzy Hash: E5926F30A00209DFCB15CF68D984AAEBBF6FF88311F158555E9199B3A9DB30EC81DB51

Uniqueness

Uniqueness Score: -1.00%

Function 01916D58 Relevance: 11.2, Strings: 8, Instructions: 1217COMMON

Download Yara Rule

Strings

Hoq, xrefs: 01917426
(okq, xrefs: 019178A0
,oq, xrefs: 01917918
,oq, xrefs: 0191790A
,oq, xrefs: 01916E2E
(okq, xrefs: 01917892
(okq, xrefs: 0191755A
,oq, xrefs: 01916E38

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: (okq$(okq$(okq$,oq$,oq$,oq$,oq$Hoq
API String ID: 0-3316956068
Opcode ID: 59b8ecda5563fa787c0c2aa60bc8c48c4d2b5c313b7039c65bd050b2b3455115
Instruction ID: 9e38eab9fb4a8d7bc2cdd541884f1bb712ba6d6f0050727b65e740f99e273ad1
Opcode Fuzzy Hash: 59b8ecda5563fa787c0c2aa60bc8c48c4d2b5c313b7039c65bd050b2b3455115
Instruction Fuzzy Hash: BBA26471A0021ACFDB19CFA9C944AAEBBB6FF88311F158559E909D73A5DB30DC81CB50

Uniqueness

Uniqueness Score: -1.00%

Function 08238268 Relevance: 5.6, Instructions: 5633
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2397067167.0000000008230000.00000040.00000800.00020000.00000000.sdmp, Offset: 08230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8230000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40de9951c66d037c2d9db9e8f1c064cd40989d849d424cda03b061b7c473e3a6
Instruction ID: 6bdad2fc39e0429e0590492e2d0aadea4cdc25c250d86e86e938df6478b82288
Opcode Fuzzy Hash: 40de9951c66d037c2d9db9e8f1c064cd40989d849d424cda03b061b7c473e3a6
Instruction Fuzzy Hash: 84C30974E11219CBDB64EF38EA986ACBBF2EB89700F0144EDD449A7254EE345E84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 08218929 Relevance: 5.2, Instructions: 5173
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10d7c1bca9f454d7efe120bece0cd38e92fa4ad03b4a01291a23df295283f250
Instruction ID: 110b71bf24100c7b3ff5448a325e1704be4c6245d46ec0976798953e05567860
Opcode Fuzzy Hash: 10d7c1bca9f454d7efe120bece0cd38e92fa4ad03b4a01291a23df295283f250
Instruction Fuzzy Hash: A0B33974A01218CBDB54EF38EA982ACBBF2FB88700F5585EDD489A7254EE345D84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 08218938 Relevance: 5.2, Instructions: 5170
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6086c6502e9e0098a9660b308d2e4b6d8a04bdefa63c6ab058a1276016085599
Instruction ID: 510aaebc5b0ff5749b541b12ab6cab1f37a25aaefebc361ea844696e08177a80
Opcode Fuzzy Hash: 6086c6502e9e0098a9660b308d2e4b6d8a04bdefa63c6ab058a1276016085599
Instruction Fuzzy Hash: 32B33974A01218CBDB54EF38EA982ACBBF2FB88700F5585EDD489A7254EE345D84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 08C587D8 Relevance: 3.9, Strings: 3, Instructions: 167COMMON

Download Yara Rule

Strings

$kq, xrefs: 08C58861
Q!, xrefs: 08C58A35
Q!, xrefs: 08C58A27

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Q!$Q!$$kq
API String ID: 0-2891015682
Opcode ID: 8371126aad0e862ec053151438f986b71e723098d06d8558b53daae8befd8a62
Instruction ID: 0272d720c5d2dba47a2bf0ae001bdb18cb9b39b993c12a3630598048ecf48954
Opcode Fuzzy Hash: 8371126aad0e862ec053151438f986b71e723098d06d8558b53daae8befd8a62
Instruction Fuzzy Hash: CD71C2B4E00208DFDB04DFA9D5885AEBBB2FF88301F20852ED806AB395DB355985CF55

Uniqueness

Uniqueness Score: -1.00%

Function 01914D00 Relevance: 2.8, Strings: 2, Instructions: 306COMMON

Download Yara Rule

Strings

8oq, xrefs: 01914DAA
8oq, xrefs: 01914D9A

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: 8oq$8oq
API String ID: 0-150699234
Opcode ID: 73423f8f9d8af6a7de022a677073522b42afc91b0dc42f9dc3ca06c975ac409d
Instruction ID: 9f77c5de7a965417da6d58279a0087b0949f9c3d21c195499df965b4036df0d6
Opcode Fuzzy Hash: 73423f8f9d8af6a7de022a677073522b42afc91b0dc42f9dc3ca06c975ac409d
Instruction Fuzzy Hash: 2FE1C175E00228CFDB64CFA9C944BDDBBB6BF49301F1085AAD50DAB295DB306A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 087AEED0 Relevance: 2.7, Strings: 2, Instructions: 192COMMON

Download Yara Rule

Strings

<, xrefs: 087AF005
YqA , xrefs: 087AEE33

Memory Dump Source

Source File: 00000000.00000002.2398267295.00000000087A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_87a0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: <$YqA
API String ID: 0-3338793842
Opcode ID: f25f168becd5f17663fb2e161a163f3d62ccc216d014a66e99706b3135705d78
Instruction ID: f9cee09440a361e88d276f6c579e43eeda01c9a3e5464209b2745fb90bb48fdc
Opcode Fuzzy Hash: f25f168becd5f17663fb2e161a163f3d62ccc216d014a66e99706b3135705d78
Instruction Fuzzy Hash: 5081E771E05618CFDB58CFAAC98469DBBF2EF89301F14C1AAD409AB365DB345A81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 08C50C70 Relevance: 2.7, Strings: 2, Instructions: 177COMMON

Download Yara Rule

Strings

Tekq, xrefs: 08C50CD9
Tekq, xrefs: 08C50E42

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Tekq$Tekq
API String ID: 0-2269808460
Opcode ID: ac1453e782138362e57b7e9ef93cea7fdec8102bba6478f34557f219db56b722
Instruction ID: 9696c415e61ca81519f150c97425bf1508936637e9adc27cf85dd29d3b12241c
Opcode Fuzzy Hash: ac1453e782138362e57b7e9ef93cea7fdec8102bba6478f34557f219db56b722
Instruction Fuzzy Hash: 8271C474E006198FDB08CFAAD944AEEFBB2FF89301F20842AD815AB359D7346945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 08C50C6F Relevance: 2.7, Strings: 2, Instructions: 173COMMON

Download Yara Rule

Strings

Tekq, xrefs: 08C50CD9
Tekq, xrefs: 08C50E42

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Tekq$Tekq
API String ID: 0-2269808460
Opcode ID: 1d91ea17b73a0de1d75b3ff5c9a9ff5691d6a8871c61cb86679fba697cbcd5d8
Instruction ID: 165fbef540deaae34b82140ac08be2a1cd6ab5134b84b9552f4950ed3443d789
Opcode Fuzzy Hash: 1d91ea17b73a0de1d75b3ff5c9a9ff5691d6a8871c61cb86679fba697cbcd5d8
Instruction Fuzzy Hash: FB71C474E006098FDB08CFAAD944AEEFBB2FF88300F20852AD815AB359D7346945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 08C587C8 Relevance: 2.7, Strings: 2, Instructions: 167COMMON

Download Yara Rule

Strings

$kq, xrefs: 08C58861
Q!, xrefs: 08C58A35

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Q!$$kq
API String ID: 0-1437215334
Opcode ID: a626bb0e1ffbf1a3638436f21640bac35c39317b8d2111b1804c9e82be6ba09e
Instruction ID: b3a5036efeb49afb3f3529e5620f4b56b69567367092c5f5af34264cacb6bbe9
Opcode Fuzzy Hash: a626bb0e1ffbf1a3638436f21640bac35c39317b8d2111b1804c9e82be6ba09e
Instruction Fuzzy Hash: 2671C6B4E10208DFDB04DFA5D5885AEBBB2FF88301F20852ED806A7396DB355985CF55

Uniqueness

Uniqueness Score: -1.00%

Function 08C5FBA8 Relevance: 1.7, APIs: 1, Instructions: 164processCOMMON

Download Yara Rule

APIs

CreateProcessAsUserW.KERNEL32(?,?,?,0000000A,?,?,?,?,?,?,?), ref: 08C5FD13

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: CreateProcessUser
String ID:
API String ID: 2217836671-0
Opcode ID: 2607a14061ab7511b1f6a1a3273a71c57e1c20832c0fe9b41977a522928a8dea
Instruction ID: 37d3509126962746ded596bfe5b63861fef26172a7a3ab6b107719f93202ce39
Opcode Fuzzy Hash: 2607a14061ab7511b1f6a1a3273a71c57e1c20832c0fe9b41977a522928a8dea
Instruction Fuzzy Hash: 7751F57190022ADFDF24CF99C940BDDBBB5BF48310F1484AAE849B7254DB75AA85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 082325A0 Relevance: 1.6, Strings: 1, Instructions: 327COMMON

Download Yara Rule

Strings

Xoq, xrefs: 082325B7

Memory Dump Source

Source File: 00000000.00000002.2397067167.0000000008230000.00000040.00000800.00020000.00000000.sdmp, Offset: 08230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8230000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq
API String ID: 0-3060498042
Opcode ID: 16c4336ff6c72f909c961b15cfc44c92b5980957a7c2cb5494874f9f5c484293
Instruction ID: 5c317000aee00ec0816f2843e0a5f3b064c658c314dfddbb6921b1707c8e5fca
Opcode Fuzzy Hash: 16c4336ff6c72f909c961b15cfc44c92b5980957a7c2cb5494874f9f5c484293
Instruction Fuzzy Hash: 6AB166B4734326CBDB381E26956433E76A6FFC4B13F34892DD89696284CE34C841DB66

Uniqueness

Uniqueness Score: -1.00%

Function 08C59F40 Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

y (i) embed this font in content as permitted by the embedding restrictions included in this font; and (ii) temporarily download t, xrefs: 08C5A047

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: y (i) embed this font in content as permitted by the embedding restrictions included in this font; and (ii) temporarily download t
API String ID: 0-1784327888
Opcode ID: b2baefc8286aa00d518c1e9a3ee929f29c3fb0499e65c11ad7ff080e4bed686d
Instruction ID: a846c8da8b3d042b49a18bb85cf83ee96455774ef9dcabc9af0330ff81390d48
Opcode Fuzzy Hash: b2baefc8286aa00d518c1e9a3ee929f29c3fb0499e65c11ad7ff080e4bed686d
Instruction Fuzzy Hash: 684135B1D1521ADBCF44CFA6E8405AEFFB5FB89301F10952AD911B6310D73886868FA8

Uniqueness

Uniqueness Score: -1.00%

Function 05DA79BC Relevance: 1.3, Instructions: 1264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2395111089.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5da0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d713727ba4ee40e508c31fab405df8b0482819d7f00094e0d1626f5073bfc505
Instruction ID: 4d7c13d14d4ecdfb9a25c141d3e709538a719c7c8fc3cf3f4c7954ac673d0e63
Opcode Fuzzy Hash: d713727ba4ee40e508c31fab405df8b0482819d7f00094e0d1626f5073bfc505
Instruction Fuzzy Hash: 9FB24070A10216CFCB14EF78DA9D6AEBBB5EB88300F5045EAE449A3354DE349E84CF55

Uniqueness

Uniqueness Score: -1.00%

Function 06EE8918 Relevance: .6, Instructions: 596COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396407127.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ee0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2de70e4f93eb4c87b7a12d33d24466ad1ddec9c6675a6b7e36a5d7cfca8c90a4
Instruction ID: 38b3fb006fefdafa4b89d0784d6c3b5f4246cff3ae584cc17da46cab2e940c52
Opcode Fuzzy Hash: 2de70e4f93eb4c87b7a12d33d24466ad1ddec9c6675a6b7e36a5d7cfca8c90a4
Instruction Fuzzy Hash: EC526C30A103168FCB54DF28C844B99B7B2FF89314F2582A9D5596F3A1DB71AD86CF81

Uniqueness

Uniqueness Score: -1.00%

Function 06EE88F8 Relevance: .6, Instructions: 594COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396407127.0000000006EE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6ee0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fcebe582c56a9ae7617c8966b19aac1f44991944b55db395b6ce1fbb63d6609
Instruction ID: cfb4420e6c1226e5dbba7e005fb1a217da16d37f2f202379d6a76a429366c49b
Opcode Fuzzy Hash: 2fcebe582c56a9ae7617c8966b19aac1f44991944b55db395b6ce1fbb63d6609
Instruction Fuzzy Hash: 42526C30A103568FCB14DF28C844B99B7B2FF85314F2582E9D5596F3A2DB71A986CF81

Uniqueness

Uniqueness Score: -1.00%

Function 08C52B80 Relevance: .4, Instructions: 373COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2356d13cfff628ddb431d7f7f3b4cd5268a282d95e25b74a43fe1671d99726b7
Instruction ID: adc78e3e3368ca8e5b6e89d554e31a6739f9bb30f0ce364cba31afd4c121d5cf
Opcode Fuzzy Hash: 2356d13cfff628ddb431d7f7f3b4cd5268a282d95e25b74a43fe1671d99726b7
Instruction Fuzzy Hash: 1AF1C070E05259DFDB04CFA9C4958AEFBB1FF89311B248599D812AB316D730A9C2CF94

Uniqueness

Uniqueness Score: -1.00%

Function 08C52C78 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9848a538c7b72b4f8cbd615586fed2cc78bad6fe9bca27c47ecd4cc1182b5bcc
Instruction ID: b7aa289ab407d1f07b5cbdb1dc29882928ee28636e81a04df69a81cb83440b82
Opcode Fuzzy Hash: 9848a538c7b72b4f8cbd615586fed2cc78bad6fe9bca27c47ecd4cc1182b5bcc
Instruction Fuzzy Hash: 9AC12970D0121ADFCB14CFAAD4948AEFBB2FF88301F509559D815AB315D734AA82CF94

Uniqueness

Uniqueness Score: -1.00%

Function 06D9480C Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396193709.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93766e0c866f9f2cc54069a690d90ae17cab9b4d754bd8cdd18c6fa41b981670
Instruction ID: 78cd906e52a098e0dbbe839717d5f230c10726a791e63bcb1960fb84fdc803e4
Opcode Fuzzy Hash: 93766e0c866f9f2cc54069a690d90ae17cab9b4d754bd8cdd18c6fa41b981670
Instruction Fuzzy Hash: 14A18135E1031A9FCF45DFA4D85499DFBBAFF89300F148625E415AB3A5EB30A845CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 06D953B0 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396193709.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a69be4e60745bc82a3788dd72e8a86529bfd7b0924be79c955e9aa20c0e7954
Instruction ID: 6068c0fdf4faa748a7a50e840e2eac87190b81c6c2308d3cfb18467a404e88cc
Opcode Fuzzy Hash: 6a69be4e60745bc82a3788dd72e8a86529bfd7b0924be79c955e9aa20c0e7954
Instruction Fuzzy Hash: D9918135E1031A9FCF45DFA0D8549DDFBBAFF89310B248225E415AB3A4EB30A945CB90

Uniqueness

Uniqueness Score: -1.00%

Function 08C51398 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b039283a22f144ace7a1b91f445227ce6373541ea0d9381baa5b200155cead4
Instruction ID: e1b8e6bb131c04793bffe9e15c24da7a750dd3cc121b59d85b32210bdf55a46a
Opcode Fuzzy Hash: 1b039283a22f144ace7a1b91f445227ce6373541ea0d9381baa5b200155cead4
Instruction Fuzzy Hash: 62513A74E05209CFCB08CFAAD5446AEFBF2EF89311F28D06AD415A7255D7348A819F98

Uniqueness

Uniqueness Score: -1.00%

Function 08C51D68 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0af6fb173eed4679b15327282274390cacd5cbc31f5612d1643768eeb0193d0
Instruction ID: 6d3d71f96013fe684460a3639c9c15fc1f349b15fba31ed570446476b99b915e
Opcode Fuzzy Hash: b0af6fb173eed4679b15327282274390cacd5cbc31f5612d1643768eeb0193d0
Instruction Fuzzy Hash: 67310771E006188BEB18CFAAD8543DEBFF2AFC9311F14C16AD409AB265DB740A46CF50

Uniqueness

Uniqueness Score: -1.00%

Function 08217B38 Relevance: 5.7, Strings: 4, Instructions: 683
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hoq, xrefs: 08217E79
(oq, xrefs: 08217DB7
PHkq, xrefs: 08218172
Hoq, xrefs: 082182EF

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: (oq$Hoq$Hoq$PHkq
API String ID: 0-528299047
Opcode ID: ee78c41963aa1bbfaccaa7484de605913e8b1ceba72fb44e70fce679cb9af494
Instruction ID: 071193b4189c8181f2a0471f905669931c33d83e75c8eaf820ac1d9fd6ebb87e
Opcode Fuzzy Hash: ee78c41963aa1bbfaccaa7484de605913e8b1ceba72fb44e70fce679cb9af494
Instruction Fuzzy Hash: C5326D307042158FCB54EF78C894A6EBBE6BF95311B2485A9E519DB3A5DF34EC02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0191F340 Relevance: 5.2, Strings: 4, Instructions: 247
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Xoq, xrefs: 0191F367
>, xrefs: 0191F3A3
Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: >$Xoq$Xoq$Xoq
API String ID: 0-1515760448
Opcode ID: 777f0f77ed51dd822d163e2d79c0c8c9559fa50bfee684b56c325453c9be267b
Instruction ID: def27cdc2a69f018626bf27aeefc81c89d5f1e7eb2b2f5f4600ee42615527380
Opcode Fuzzy Hash: 777f0f77ed51dd822d163e2d79c0c8c9559fa50bfee684b56c325453c9be267b
Instruction Fuzzy Hash: 9E81F43174070E8FDB26AB38C85466E7BA6AFC5310F14496DD44A8B39ADB38DC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191D0A8 Relevance: 5.2, Strings: 4, Instructions: 179
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$kq, xrefs: 0191D1A8
4'kq, xrefs: 0191D2A3
$kq, xrefs: 0191D1B4
Hoq, xrefs: 0191D254

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: 4'kq$Hoq$$kq$$kq
API String ID: 0-2647374862
Opcode ID: aa65409b47191fe12b31fcff655eb5991e1d22b53a159979b4fcfba758acc46f
Instruction ID: ec816d88f45421b0d8be8c746fcf90d751f468ad0da73f713993f527b29384bc
Opcode Fuzzy Hash: aa65409b47191fe12b31fcff655eb5991e1d22b53a159979b4fcfba758acc46f
Instruction Fuzzy Hash: 1C51F7303042194BAB1D2AB9585CA7E3EEBBFC65513188829E51BCB3D9EE25CC829351

Uniqueness

Uniqueness Score: -1.00%

Function 0191F910 Relevance: 4.1, Strings: 3, Instructions: 349
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hoq, xrefs: 0191FC19
Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Hoq$Xoq$Xoq
API String ID: 0-1921625961
Opcode ID: 40c3727d34e2f4f785fe16d8bbe4154df2c9d4c3e4ddbbfeac733d72ae167373
Instruction ID: 1567edea9e724a06c89f589632c6e7559aae019b788c72c37baf9a45f6ce0f09
Opcode Fuzzy Hash: 40c3727d34e2f4f785fe16d8bbe4154df2c9d4c3e4ddbbfeac733d72ae167373
Instruction Fuzzy Hash: 19C16C317007098FDB25AB38C594A3FBAEBEFC4310B148929D55A8B799DF34EC898751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F5D1 Relevance: 4.0, Strings: 3, Instructions: 226
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D
>, xrefs: 0191F5DD

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: >$Xoq$Xoq
API String ID: 0-591897316
Opcode ID: b310b80748e588628d87d42b7d11f438799260c2acc04f3b85201a739eddb804
Instruction ID: 67e875e20497def0b05803a2f231adf9441f5add3e5ae0ebc90c2c7013e9b6c1
Opcode Fuzzy Hash: b310b80748e588628d87d42b7d11f438799260c2acc04f3b85201a739eddb804
Instruction Fuzzy Hash: 1481D53074070D8FDB25AB38D85462EBBA6AFC5310F14492DD45B8739ADB34EC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F7AE Relevance: 4.0, Strings: 3, Instructions: 225
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>, xrefs: 0191F7BA
Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: >$Xoq$Xoq
API String ID: 0-591897316
Opcode ID: 4f68d7e72b8816cd8253c4baaad78586ce57e00712f0109aa59a9d023a7f5654
Instruction ID: 8344d530674d0c4fa4f7741334d1b927130e851eb62cafeab9fa9a10a22ce713
Opcode Fuzzy Hash: 4f68d7e72b8816cd8253c4baaad78586ce57e00712f0109aa59a9d023a7f5654
Instruction Fuzzy Hash: D671D2307407098FDB25AB38D85462EBBA6EFC5310F14496DD44A8B39ADB38EC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F655 Relevance: 4.0, Strings: 3, Instructions: 223
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

>, xrefs: 0191F661
Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: >$Xoq$Xoq
API String ID: 0-591897316
Opcode ID: 4df912a1adf9850bc7f92a509cc42aa1d20dd622d4d0791964f2d496b0d99069
Instruction ID: 7db301de8a9ed63ac0372328986419b64b2d50555defb3e0173a66d2e273200b
Opcode Fuzzy Hash: 4df912a1adf9850bc7f92a509cc42aa1d20dd622d4d0791964f2d496b0d99069
Instruction Fuzzy Hash: AE71D4307407098FDB26AB38D85462EBBE7AFC5310F14492DD45A8B79ADB38DC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F3F1 Relevance: 4.0, Strings: 3, Instructions: 219COMMON

Download Yara Rule

Strings

>, xrefs: 0191F3FD
Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: >$Xoq$Xoq
API String ID: 0-591897316
Opcode ID: bf6cff60cf0e29f3c35776b6a6546c2d9f70d521f3317624f593442490bfe68e
Instruction ID: 79a02cd75c673f590fe555de737763480c4f6850b9986ee486a25fd8e16b91e6
Opcode Fuzzy Hash: bf6cff60cf0e29f3c35776b6a6546c2d9f70d521f3317624f593442490bfe68e
Instruction Fuzzy Hash: 4271D4307407098FDB26AB38D85462EBBA7AFC5310F14492DD44A8739ADB38DC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F52B Relevance: 4.0, Strings: 3, Instructions: 219COMMON

Download Yara Rule

Strings

>, xrefs: 0191F537
Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: >$Xoq$Xoq
API String ID: 0-591897316
Opcode ID: 4a5a1a0fe0a9f11b4c364077f5185487b6388592c2d4df2e57d1bf93a28862f8
Instruction ID: 666aeafcea7fc3acfa2f41c75d928869c56a5482513be5d38be57967f46d6eb6
Opcode Fuzzy Hash: 4a5a1a0fe0a9f11b4c364077f5185487b6388592c2d4df2e57d1bf93a28862f8
Instruction Fuzzy Hash: E971D5307403498FDB25AB38D85466EBBE7AFC5310F14492DD45A8B39ADB38EC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F57E Relevance: 4.0, Strings: 3, Instructions: 219COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D
>, xrefs: 0191F58A

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: >$Xoq$Xoq
API String ID: 0-591897316
Opcode ID: f5c5487b5ce9210cdc53468d992435f01e101f900e45b4bb62627ccade4af4b0
Instruction ID: a4dcc690c02a686de9b0e61dbf9a7a68b0da601fbcd1db9375e7acf5c306e90f
Opcode Fuzzy Hash: f5c5487b5ce9210cdc53468d992435f01e101f900e45b4bb62627ccade4af4b0
Instruction Fuzzy Hash: 8171D5307407098FDB25AB38D85462EBBE7AFC5310F14492DD45A8B79ADB38EC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F483 Relevance: 4.0, Strings: 3, Instructions: 219COMMON

Download Yara Rule

Strings

>, xrefs: 0191F48F
Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: >$Xoq$Xoq
API String ID: 0-591897316
Opcode ID: 1d3b42d9e64c208a520a5fd3de0ff3ff0bb5933c108fc07e5dd5308409237a2b
Instruction ID: 1735f04686d00d7c8bfa9a0c067dedec5ba5318422d0a7f76053b7231bcf4bc9
Opcode Fuzzy Hash: 1d3b42d9e64c208a520a5fd3de0ff3ff0bb5933c108fc07e5dd5308409237a2b
Instruction Fuzzy Hash: 8871D3307403098FDB25AB38D85462EBBE7AFC5310F14492DD45A8B39ADB38EC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F4D7 Relevance: 4.0, Strings: 3, Instructions: 219COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191FA40
>, xrefs: 0191F4E3
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: >$Xoq$Xoq
API String ID: 0-591897316
Opcode ID: ef604bc3d22752d357be3f942cc5bbdd3c2d06b1b3e69a833f4b91970c1a07aa
Instruction ID: 6e8806bf00d291c6b2949d3403d13f052021f127cd6fdc7db399d792b46bdcd0
Opcode Fuzzy Hash: ef604bc3d22752d357be3f942cc5bbdd3c2d06b1b3e69a833f4b91970c1a07aa
Instruction Fuzzy Hash: EC71C3307403198FDB25AB38D85466EBBE7AFC5310F14492DD45A8B39ADB38EC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 01916658 Relevance: 2.9, Strings: 2, Instructions: 351COMMON

Download Yara Rule

Strings

Hoq, xrefs: 01916839
Hoq, xrefs: 0191686C

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Hoq$Hoq
API String ID: 0-3106737575
Opcode ID: 7ec085a03d63b5e03b6311a1923dbf9030a35c371f0daba2973b7a2b66a8a611
Instruction ID: b3f8ab6aaf73a7906cbc51e5e114044523379f486c0f7e796a4763be43188844
Opcode Fuzzy Hash: 7ec085a03d63b5e03b6311a1923dbf9030a35c371f0daba2973b7a2b66a8a611
Instruction Fuzzy Hash: 26C10631B002099FDB059F68D858B6E7FAAFB84351F148469E90ADB399DFB1CC81C791

Uniqueness

Uniqueness Score: -1.00%

Function 082113E0 Relevance: 2.8, Strings: 2, Instructions: 324COMMON

Download Yara Rule

Strings

PHkq, xrefs: 082116BC
PHkq, xrefs: 0821154E

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: PHkq$PHkq
API String ID: 0-119726883
Opcode ID: 5400b76656e5809c2567363dc719e0af5e9b145392feb13082ef24d949267b4a
Instruction ID: cb90934f0b0a6b5963751d0d7e7c0a4c4c47ddc9e780d8df6b46dcaf90f8d611
Opcode Fuzzy Hash: 5400b76656e5809c2567363dc719e0af5e9b145392feb13082ef24d949267b4a
Instruction Fuzzy Hash: 73D11334B10219CFCB14DF68C584AADBBF2BF98711B2545A8E506EB3A1DB31EC45CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0191F73B Relevance: 2.7, Strings: 2, Instructions: 235COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq$Xoq
API String ID: 0-251439590
Opcode ID: 88eec480de3ea4ab70f70f21ebf702c0c94e401db75c892b4580a1c56e3a1cbb
Instruction ID: 1fce2c77f5e8835a18019073d5ab0edc4905c418efb2de8f5091d3f840bdd789
Opcode Fuzzy Hash: 88eec480de3ea4ab70f70f21ebf702c0c94e401db75c892b4580a1c56e3a1cbb
Instruction Fuzzy Hash: F781AE307407098FDB25AB38D85462EBBA7AFC4310F14896DD45A8B39EDB38DC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F623 Relevance: 2.7, Strings: 2, Instructions: 217COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq$Xoq
API String ID: 0-251439590
Opcode ID: 1b8b038523fc11820f48bf28ded9ce5196fd1acdb6dd4a544ce5305d46b4f1ea
Instruction ID: 502472162028a227150d99aa2befc9d6c25d78fac21e576bcd4e3b8167a26a73
Opcode Fuzzy Hash: 1b8b038523fc11820f48bf28ded9ce5196fd1acdb6dd4a544ce5305d46b4f1ea
Instruction Fuzzy Hash: 6971B13074070D8FDB25AB38D85462EBBA7AFC4320F14892DD45A8739ADB38DC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F7EC Relevance: 2.7, Strings: 2, Instructions: 214COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq$Xoq
API String ID: 0-251439590
Opcode ID: e283e37bcfbf2a8e0d3c23f95d240c0c188e4d4f8828f6542ba4453a10ffb49d
Instruction ID: dfaa12ee15dfb83822b51e6db56933c7de1fad6779dcd81c7762edf85c077a0f
Opcode Fuzzy Hash: e283e37bcfbf2a8e0d3c23f95d240c0c188e4d4f8828f6542ba4453a10ffb49d
Instruction Fuzzy Hash: 9B71C2307403098FDB25AB38D85462EBBA7AFC4310F14892DD45A8739ADF38DC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F69F Relevance: 2.7, Strings: 2, Instructions: 214COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq$Xoq
API String ID: 0-251439590
Opcode ID: 6ec66f7f90eff77889b201ebd264ac1f84ca6a422e58fb45a9a54299bc736152
Instruction ID: 08a79304f4a8d80d0eb897f1791ef03f7da10656ef6b65ab1a1e3b930bde662d
Opcode Fuzzy Hash: 6ec66f7f90eff77889b201ebd264ac1f84ca6a422e58fb45a9a54299bc736152
Instruction Fuzzy Hash: D371B2307407098FDB25AB38D85462EBBA7AFC4310F14892DD45A8779ADF38DC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F5B6 Relevance: 2.7, Strings: 2, Instructions: 210COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq$Xoq
API String ID: 0-251439590
Opcode ID: f0dc9967cbbf9ae421ae08c44c650896d8cc2a5ec258f1a68a495c2e47ba553f
Instruction ID: e5591f959b8f813b79de0bf4a6da39d41dc821e17fbd1aadfb4848e567f23b7e
Opcode Fuzzy Hash: f0dc9967cbbf9ae421ae08c44c650896d8cc2a5ec258f1a68a495c2e47ba553f
Instruction Fuzzy Hash: D971D4307407098FDB25AB38D85462EBBA7AFC4310F14892DD45A8779ADF38DC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F510 Relevance: 2.7, Strings: 2, Instructions: 210COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq$Xoq
API String ID: 0-251439590
Opcode ID: fab38931c54af708e4d4218330d6f9c3dc33ab5b64616e4a0ad3c6ca54247107
Instruction ID: 69849bca6ad0f4d9f09ba861789179bd8efad2098110a61868029db3a5bed8b5
Opcode Fuzzy Hash: fab38931c54af708e4d4218330d6f9c3dc33ab5b64616e4a0ad3c6ca54247107
Instruction Fuzzy Hash: 2271D4307403098FDB25AB38D85462EBBA7AFC4310F14892DD45A8779ADF38DC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F563 Relevance: 2.7, Strings: 2, Instructions: 210COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq$Xoq
API String ID: 0-251439590
Opcode ID: 64b3ebea8dd3a2a77a637e658a117279610e3c242ef56c18dccb94399362949e
Instruction ID: 90356d317ddf0a03a6bacbc978d19988fbb1997481dd2bfe8dd15e2461009bfa
Opcode Fuzzy Hash: 64b3ebea8dd3a2a77a637e658a117279610e3c242ef56c18dccb94399362949e
Instruction Fuzzy Hash: F871D4307407098FDB25AB38D85462EBBA7AFC4310F14892DD45A8779ADF38DC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F4BC Relevance: 2.7, Strings: 2, Instructions: 210COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq$Xoq
API String ID: 0-251439590
Opcode ID: 5961eb2dced0ca7c3e7f01deaca68f6b76782921484ab283cfa62915ce41cbb3
Instruction ID: 7a8b1cdaaed19445550c6a47c60c7976bc37eedea435fbde5d8264365301de85
Opcode Fuzzy Hash: 5961eb2dced0ca7c3e7f01deaca68f6b76782921484ab283cfa62915ce41cbb3
Instruction Fuzzy Hash: 5D71D4307403098FDB25AB38D85462EBBA7AFC4310F14892DD45A8779ADF38DC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F42A Relevance: 2.7, Strings: 2, Instructions: 210COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq$Xoq
API String ID: 0-251439590
Opcode ID: 4b12be2e673bd86c075c79fdfa621b652e3923ec14191c011e2d400bc7f8e26c
Instruction ID: 32388eab49ac19c2a6812e6fa0ba0fc3c4118357dd6db622e3b4ffdb19de0aaa
Opcode Fuzzy Hash: 4b12be2e673bd86c075c79fdfa621b652e3923ec14191c011e2d400bc7f8e26c
Instruction Fuzzy Hash: 6F71D4307403098FDB25AB38D85462EBBA7AFC4310F14892DD45A8779ADF38DC8AC751

Uniqueness

Uniqueness Score: -1.00%

Function 0191F8C0 Relevance: 2.7, Strings: 2, Instructions: 163COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191FA40
Xoq, xrefs: 0191F94D

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq$Xoq
API String ID: 0-251439590
Opcode ID: 78257e0ed919065276580a62dd86501739c8cff69b571ed647eb18b7249e8ab5
Instruction ID: 45ca9d2595e5608ba39783809b878ab5ab6e6c7325cc4429c5f3a55771e497bb
Opcode Fuzzy Hash: 78257e0ed919065276580a62dd86501739c8cff69b571ed647eb18b7249e8ab5
Instruction Fuzzy Hash: B951A63074070A8FDB25AB24D854A6EBBE6AFC5310F14493DD45A8779ADB38ECCAC750

Uniqueness

Uniqueness Score: -1.00%

Function 06D94F61 Relevance: 1.8, APIs: 1, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396193709.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47b11dd3ec3ba97c32a0c5b1447881e6fe4fdbf2c8b19db4e59a1e91880676f1
Instruction ID: 3efa6b3e48cc511ffa79f7ba6755559056d3e4462e5b5153c8980f34ac0d4834
Opcode Fuzzy Hash: 47b11dd3ec3ba97c32a0c5b1447881e6fe4fdbf2c8b19db4e59a1e91880676f1
Instruction Fuzzy Hash: CFA1A971805388AFDF12CFA5D85499DBFB1FF4A304F1581AAE488AB262D7309945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 087AFD28 Relevance: 1.7, APIs: 1, Instructions: 168memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 087AFE63

Memory Dump Source

Source File: 00000000.00000002.2398267295.00000000087A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_87a0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 25517058e2a47ba7e66840dce4cf1b0aed357a953116f319b2582e3f22641dbf
Instruction ID: 4f48b496a4d79e04ef971ce4fcb3d708741f560df5ea573c6ac8eac5cda3fbff
Opcode Fuzzy Hash: 25517058e2a47ba7e66840dce4cf1b0aed357a953116f319b2582e3f22641dbf
Instruction Fuzzy Hash: FD41147680D2059ACB2BDEA9C47A2CDBFB0ABC5213F144316D294A722DDF3145458BF1

Uniqueness

Uniqueness Score: -1.00%

Function 06D950B8 Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06D951CA

Memory Dump Source

Source File: 00000000.00000002.2396193709.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: cff575bada0dd07f05366fd76048394169f36c2f9537565e3370300ec21cc7bb
Instruction ID: 641b207c23fcfc2f95347c963391b0c0a4ed9665699df75670992245915e7526
Opcode Fuzzy Hash: cff575bada0dd07f05366fd76048394169f36c2f9537565e3370300ec21cc7bb
Instruction Fuzzy Hash: 9E41BEB1D003199FDF15CF99D984ADEBFB5BF48310F24812AE818AB210D7719885CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06D950AE Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06D951CA

Memory Dump Source

Source File: 00000000.00000002.2396193709.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 5746b5affd94111ea5784e3e85757480a1549b4bb8796b1af567c13540ca73bb
Instruction ID: 88e5ca0ff6d81544d7da0723698779d9c02eff4a7c90cfec06eaa1a1a8b12c85
Opcode Fuzzy Hash: 5746b5affd94111ea5784e3e85757480a1549b4bb8796b1af567c13540ca73bb
Instruction Fuzzy Hash: 6A51BDB1D103199FDF15CF99D984ADEBBB1BF48310F24852AE419AB210D7719885CF90

Uniqueness

Uniqueness Score: -1.00%

Function 06D90D17 Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06D90E17

Memory Dump Source

Source File: 00000000.00000002.2396193709.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 561924e927c7838d3451c7b4fbb5549f32338d1b8b4b9104be294de529b7c29c
Instruction ID: f2bc59da65d8269adde6772acd881b9c92e0fda69b63b7f085b65ec12a93d89a
Opcode Fuzzy Hash: 561924e927c7838d3451c7b4fbb5549f32338d1b8b4b9104be294de529b7c29c
Instruction Fuzzy Hash: 8E4149769002589FCF11CF99D844AEEBFF6EF49310F14805AE954A7361C3359954DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 06D9490C Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 06D97731

Memory Dump Source

Source File: 00000000.00000002.2396193709.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 30454a03fd890305a57049cb0729d26404d53be217044dc70b63683a1a28cee2
Instruction ID: ae7c6a8f6bcf6db25030b628c89226b6b0b2fa361d4db24fb4edfeeb6256cfac
Opcode Fuzzy Hash: 30454a03fd890305a57049cb0729d26404d53be217044dc70b63683a1a28cee2
Instruction Fuzzy Hash: 094128B8910305CFDB54CF99C888AAABBF5FB88314F24C459E519AB321D770A841CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 06D90D90 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06D90E17

Memory Dump Source

Source File: 00000000.00000002.2396193709.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 5094292edcd3a4a526c09dca1ab4522f6f840c61dc04b6b98b95c2d24d07727a
Instruction ID: 6b54735161f8700d104fad927eb36761ad4b001150ca6189050381f48dcdebc4
Opcode Fuzzy Hash: 5094292edcd3a4a526c09dca1ab4522f6f840c61dc04b6b98b95c2d24d07727a
Instruction Fuzzy Hash: 3321E0B59002589FDB10CFAAD984ADEBFF8EB48320F14841AE918A7310D374A954CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 08C586C8 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 08C58743

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 1d6ad5f98aed900ef0c68f98a3f86df79accf842526350a5996fb6f37d539837
Instruction ID: 3649fe6e535873c2e4dc1b3e3d769e22229c2feeeeb47f0065cfc26ba274b980
Opcode Fuzzy Hash: 1d6ad5f98aed900ef0c68f98a3f86df79accf842526350a5996fb6f37d539837
Instruction Fuzzy Hash: AD21F4B59002599FCB10CFAAC484BDEFFF4EB49320F148469E958A7251D378A644CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 082304E0 Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(00000000), ref: 08230550

Memory Dump Source

Source File: 00000000.00000002.2397067167.0000000008230000.00000040.00000800.00020000.00000000.sdmp, Offset: 08230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8230000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 327977cdc4a840854cd64bd3ae1fcbf47a074493f715d399eacbddc26290f9b2
Instruction ID: c7656b477a3aa73f603ba7415d99f6ec07c1a572e8947773f5dad866fb5ef18b
Opcode Fuzzy Hash: 327977cdc4a840854cd64bd3ae1fcbf47a074493f715d399eacbddc26290f9b2
Instruction Fuzzy Hash: 021136B1C0066A9BCB10CF9AC54479EFBF4FB48320F14812AD858B7250D338A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 05DAE610 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,05DAEE99,00000800,00000000,00000000), ref: 05DAF0AA

Memory Dump Source

Source File: 00000000.00000002.2395111089.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5da0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 180e15b0a6bcda8277cf663d81462e0823baf6e8bd41f0d6271d13e4850209bd
Instruction ID: 62223032147ce4629dc55f12e12e84cc7fec633107c88e422520696e163d053e
Opcode Fuzzy Hash: 180e15b0a6bcda8277cf663d81462e0823baf6e8bd41f0d6271d13e4850209bd
Instruction Fuzzy Hash: 831114B69042098FDB20CF9AC444BDEFBF4EB48310F14846EE559B7210C375A545CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 087AFDF0 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 087AFE63

Memory Dump Source

Source File: 00000000.00000002.2398267295.00000000087A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_87a0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 5f547730f89cb4d6cb2e5882c1c5d3fe2c556ab9a6ebc60242f56b16e166e6c4
Instruction ID: 86cf8486a26dbab00a5132d7d9541255b8268e215092aea0c94b5f8e7508597b
Opcode Fuzzy Hash: 5f547730f89cb4d6cb2e5882c1c5d3fe2c556ab9a6ebc60242f56b16e166e6c4
Instruction Fuzzy Hash: CF21E4B5900249DFCB10DF9AC884BDEFBF4FB48320F148429E958A7251D778A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 08C586D0 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 08C58743

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 2656330dee21dc1616187a8e12e1073cfe622c9f8c66357ebc0c4800c6a5c373
Instruction ID: 9c3e434d35bcb8a38313cdc8b44afca0f2e651476b1887139bb20e004d088bc2
Opcode Fuzzy Hash: 2656330dee21dc1616187a8e12e1073cfe622c9f8c66357ebc0c4800c6a5c373
Instruction Fuzzy Hash: 1121E4B5900249DFCB10DF9AC884BDEFBF4FB48320F148429E958A7251D378A684CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 05DAEDB8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 05DAEE1E

Memory Dump Source

Source File: 00000000.00000002.2395111089.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5da0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 85d12d7ad03a1aadf06d450fc35b366530511a7a8d5ec7c634e373e65540c115
Instruction ID: 7ba011ae469c34e4decb63d06df72467d29f3333c08ff5447625ff398e91feea
Opcode Fuzzy Hash: 85d12d7ad03a1aadf06d450fc35b366530511a7a8d5ec7c634e373e65540c115
Instruction Fuzzy Hash: 411110B6C002498FCB10CF9AC444ADFFBF8EB88324F14842AD419B7210D379A645CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0191BE6A Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

Hoq, xrefs: 0191C234

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Hoq
API String ID: 0-3049094369
Opcode ID: b7993389b965b46302bae0bb7387cee9600069844beec184bcd6d06470f8670d
Instruction ID: 623da1da027c456e3c2974f87ebd9cfac00d81bfcb57a3fb4e3b3af456c6f0c4
Opcode Fuzzy Hash: b7993389b965b46302bae0bb7387cee9600069844beec184bcd6d06470f8670d
Instruction Fuzzy Hash: 5BA19530A00209CFDB15DF68D954AAEBBF6FF88300F148568E54A973A9DB35ED85CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0821EC10 Relevance: 1.5, Strings: 1, Instructions: 219COMMON

Download Yara Rule

Strings

PHkq, xrefs: 0821EE07

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: PHkq
API String ID: 0-902561536
Opcode ID: b8fa1c86945f89c2c258a136c4afce79107e3b4cec9a6770514c70f2c6021572
Instruction ID: 053816e39cf6d8cfdb07267b2122be265bc8cf2ba3c10410e3a85d374aa7215c
Opcode Fuzzy Hash: b8fa1c86945f89c2c258a136c4afce79107e3b4cec9a6770514c70f2c6021572
Instruction Fuzzy Hash: 17911834A10205CFCB14DF68C984A99B7F6FF89321B2685A9D815AB3A5DB31EC45CF60

Uniqueness

Uniqueness Score: -1.00%

Function 01918F40 Relevance: 1.5, Strings: 1, Instructions: 203COMMON

Download Yara Rule

Strings

4'kq, xrefs: 01918FA2

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: 4'kq
API String ID: 0-3255046985
Opcode ID: e54483edf1a094b12011c431c11d7f5750df9eaf2b9743078eca60ebcdf5ce5c
Instruction ID: 78414e3417032e0175f9a20bcd21fe2eabe92294552a137c1ce93e925f112373
Opcode Fuzzy Hash: e54483edf1a094b12011c431c11d7f5750df9eaf2b9743078eca60ebcdf5ce5c
Instruction Fuzzy Hash: C5817E30A00219CFDB15DF68C998A9DBBB5FF45305F1684A9E8199B3A6D731EDC4CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0191537E Relevance: 1.4, Strings: 1, Instructions: 135COMMON

Download Yara Rule

Strings

8oq, xrefs: 01915465

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: 8oq
API String ID: 0-3198120224
Opcode ID: 24389a1e04aff2f4ea7d08043051d428e905b58e2c80f873aed1bf8089d0cf5d
Instruction ID: af6edb92e86ebc09b6024c7387652cd1810a06cda4de34ab7c5f595c3e3427bf
Opcode Fuzzy Hash: 24389a1e04aff2f4ea7d08043051d428e905b58e2c80f873aed1bf8089d0cf5d
Instruction Fuzzy Hash: BD51C3B4E01208DFDB04CFAAD584AEDBBB6BF89300F218029D419BB268DB755941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 082113D0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

PHkq, xrefs: 0821154E

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: PHkq
API String ID: 0-902561536
Opcode ID: 6226c541fd9df965dea75cfe9f99868298146edee968c0e6f95f766b5bd003f4
Instruction ID: 5c35ffdc7db8b461f0b7694dd4727f7be2bc021c0c8d00199ba513ef782d72a6
Opcode Fuzzy Hash: 6226c541fd9df965dea75cfe9f99868298146edee968c0e6f95f766b5bd003f4
Instruction Fuzzy Hash: 0C510634B10215CFCB14DF28C598A99BBF1BF88716B2595A8E506EB3A1DB31EC45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0191D368 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191D592

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq
API String ID: 0-3060498042
Opcode ID: 3a0ec652185ddfe4c1c05e50282a041adbca329a16c9831e91e6cfe1147fd555
Instruction ID: 00df375538e8be2db0d3fdb9e066e990d72349fe9be4907bd05ae0d1da02aa04
Opcode Fuzzy Hash: 3a0ec652185ddfe4c1c05e50282a041adbca329a16c9831e91e6cfe1147fd555
Instruction Fuzzy Hash: D441CE34758054CFA71A6B79606DE7D7EE3BBC9A113088418FA1BC73C8CF285C42A782

Uniqueness

Uniqueness Score: -1.00%

Function 0821F760 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

43lq, xrefs: 0821F859

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: 43lq
API String ID: 0-2523565602
Opcode ID: 9fe6b3c004ae64bb60db130cccab0983f92089f62b069bef45373e2b77d3eb61
Instruction ID: 4ac8f572b8de790dd14580c6464087433c820d916bae227f38ab1b445f3b34a6
Opcode Fuzzy Hash: 9fe6b3c004ae64bb60db130cccab0983f92089f62b069bef45373e2b77d3eb61
Instruction Fuzzy Hash: 12317234F102018FCB44FBB8E69E5AD7BF6EB88210F50446DE45AE7294DF385884CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0821F770 Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

43lq, xrefs: 0821F859

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: 43lq
API String ID: 0-2523565602
Opcode ID: 830ebcfa70acd0fa88d209f58bf80babc1d71f9d36816aaf32f3d803a1b0e558
Instruction ID: 75d390bc180871d1c4404489889eb90fa824efbd24e9e2f6ee883f415c9d0e23
Opcode Fuzzy Hash: 830ebcfa70acd0fa88d209f58bf80babc1d71f9d36816aaf32f3d803a1b0e558
Instruction Fuzzy Hash: 2F314C74B102059FCB44FBB9E69E5AD7AF6EB88210F50442DE40AE7254DF389C848BA5

Uniqueness

Uniqueness Score: -1.00%

Function 01915397 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

8oq, xrefs: 01915465

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: 8oq
API String ID: 0-3198120224
Opcode ID: e076461270087aea37e05557375675d40d4a2d4d1628f2a89761b95ef5002e15
Instruction ID: b3fdc3dc87e8810b1dc4d95dcbe0be18d0cf52d2d22f35d29dc9539ade3269a8
Opcode Fuzzy Hash: e076461270087aea37e05557375675d40d4a2d4d1628f2a89761b95ef5002e15
Instruction Fuzzy Hash: 5D31A174E40208CFEB44DFA9C945AADBBB5BF89301F21842AD419BB298DB755941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 08215430 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef097a633ba2551b431f746e36d60193c77bd8c0533e999b1f3e98bc1aae1f6e
Instruction ID: ebcfcb74451e7c89ead31b82a25204ba03cacf3a94a496c51845e7944ad7d0a8
Opcode Fuzzy Hash: ef097a633ba2551b431f746e36d60193c77bd8c0533e999b1f3e98bc1aae1f6e
Instruction Fuzzy Hash: C5D15D34620715CFCB28DF78C484A6A77F7AF94312B244AADE4529B3E5DB35D886CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0821FA00 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4f69183c716e9b2c81d30063eb11633db09cdcb8759baf38813585971761b33
Instruction ID: 61f84b727569494dcc8ffe99cb4eeec508aa8579de1db7fff7e2f94a87b00d47
Opcode Fuzzy Hash: a4f69183c716e9b2c81d30063eb11633db09cdcb8759baf38813585971761b33
Instruction Fuzzy Hash: 2281A470F102058BCB04EBB8E69A66E77FAEFC8210F50856DD419E7354DE389C45CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0821FD8F Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3438dd181830bae946ab97dac57507260795eed3440468dfa7f37fc0e6f91d0a
Instruction ID: 81db347f00edee013063f05748336fa8f91ce49db77e075cde075d91d92d3ef6
Opcode Fuzzy Hash: 3438dd181830bae946ab97dac57507260795eed3440468dfa7f37fc0e6f91d0a
Instruction Fuzzy Hash: 68519E74E142498FCB05CFA8D9546AEBFF2FF89200F2480AAD445EB396DB344846CF61

Uniqueness

Uniqueness Score: -1.00%

Function 08210D80 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 203c0282b2a45d28a73105437dc0b6a0508f08e300951f3aab8fe6885c1a6890
Instruction ID: 38c1c4a29cd90dae9bdd806e863bb723b8dcc17e87312c462e601ca14b7358d6
Opcode Fuzzy Hash: 203c0282b2a45d28a73105437dc0b6a0508f08e300951f3aab8fe6885c1a6890
Instruction Fuzzy Hash: DA61E430650605CFCB54DB28C988A69BBF2FF89315F2185A9D44ACB375DB30EC4ACB60

Uniqueness

Uniqueness Score: -1.00%

Function 01916960 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d95c29fc09b9f7678501824cda3e30f5b09016c96a1127bc9589a2ef8603555
Instruction ID: 85455e6b1e61a67852ca96cec9b03babd07982117240fecf14cf97a658184253
Opcode Fuzzy Hash: 8d95c29fc09b9f7678501824cda3e30f5b09016c96a1127bc9589a2ef8603555
Instruction Fuzzy Hash: 5F41B431B042088FDB05AF39C494B3E7BABBB88241F148469E54ACB399DF74CC81C791

Uniqueness

Uniqueness Score: -1.00%

Function 08213DA4 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95db0b2dd77df919ef8617be2a696534849fdcc8fe76545cad3b1acc22967fbe
Instruction ID: c419d6f2a3a9fc69f3e036f9899455eb6f0bb20bcd21833042b35ffce2fd20a9
Opcode Fuzzy Hash: 95db0b2dd77df919ef8617be2a696534849fdcc8fe76545cad3b1acc22967fbe
Instruction Fuzzy Hash: 4C515D353206068FCF24DB29C898B6E77E6EFA5612F2584A9E449CB361DA34E845CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01919339 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc6f5904f7d2b6f776e134e6baaba98c243f7c07a88541c93383c77c355e06b4
Instruction ID: 394321d765535958b0d3bb1f0f790c45c10255d3cfc2c0d3ed431ab50105e70d
Opcode Fuzzy Hash: cc6f5904f7d2b6f776e134e6baaba98c243f7c07a88541c93383c77c355e06b4
Instruction Fuzzy Hash: 5751FFB4D00219DFDB04CFA9D5587EEBBF5BF48305F14846AE019A6294DB784A85CF90

Uniqueness

Uniqueness Score: -1.00%

Function 08216C18 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e36184d4cfb792b835f46e82679682ec578c0c12f70ed5151a1e40b62cf73c81
Instruction ID: fcdba7aa5a1b90189b2aaac76ba8e084e2018d88df18f3a9b7e73866da2eaec7
Opcode Fuzzy Hash: e36184d4cfb792b835f46e82679682ec578c0c12f70ed5151a1e40b62cf73c81
Instruction Fuzzy Hash: A74184357106168FDF24DB28C898B6E77E6AFA5212F25846EE449CB371DE30D845C750

Uniqueness

Uniqueness Score: -1.00%

Function 0821FDA0 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7578733cdca2c0de971e5503d2733dc2d814cbb4dd9f6edf022b31ffb8adae27
Instruction ID: 59e6e2925afcbbc0051c486bd121d6be6b724b873defada6e883cb7c223e374b
Opcode Fuzzy Hash: 7578733cdca2c0de971e5503d2733dc2d814cbb4dd9f6edf022b31ffb8adae27
Instruction Fuzzy Hash: 034106B4E102199FCB04DFA8D9446AEBBF2FF88301F20802AD515B7395DB749942CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 082125F8 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 899893006b068ae1fe97b62afd39c64b84f2ffa04b2dc182f590c9004e9a0108
Instruction ID: 739bd06eddcf6a0120be21a09df943400001ef78bf42339f31eddc954791bf96
Opcode Fuzzy Hash: 899893006b068ae1fe97b62afd39c64b84f2ffa04b2dc182f590c9004e9a0108
Instruction Fuzzy Hash: A9317C757106109FCB55EB38D85862EBBF6EF89211B10416EE05AC73A1DF34ED06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 08212608 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7911a6a0cd047fff21aca0f1f92bcc9ac9b26e9267e272fe7f51aab9da3fb12d
Instruction ID: b1dc0849ee1e9e2a00aecff6ebe834715bc79ae6f83f24700b79d14084d0a46a
Opcode Fuzzy Hash: 7911a6a0cd047fff21aca0f1f92bcc9ac9b26e9267e272fe7f51aab9da3fb12d
Instruction Fuzzy Hash: 00317A757106108FCB59EB38D85862EBBEAFF89211B10422DE05AC73A1DF34EC06CB91

Uniqueness

Uniqueness Score: -1.00%

Function 019188D0 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5943ad505f99579aac9cc23bce652b23fb1dd9eb5684ff698e16910641b0cb4f
Instruction ID: ed760ee95003bf90112590e63a2ea5538eca441b5f43474405c40aee5fd66195
Opcode Fuzzy Hash: 5943ad505f99579aac9cc23bce652b23fb1dd9eb5684ff698e16910641b0cb4f
Instruction Fuzzy Hash: B63190317102089FDB099F69D858BAE7FBBFB88210F148069E90AE7395DE309C45DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0821530A Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4044f4625e2940f947f26ebe42bb8d5d8a269c6a9c3110cfe9e79ac9ba260b2
Instruction ID: be8741b0428264563f811a6aaab598811ead5e0ea79640b796674f5b36919d18
Opcode Fuzzy Hash: e4044f4625e2940f947f26ebe42bb8d5d8a269c6a9c3110cfe9e79ac9ba260b2
Instruction Fuzzy Hash: ED315830710215DFCB149F68C984AAEBBB6BF88721F2042A9E5258B3B1CB71DD01CB90

Uniqueness

Uniqueness Score: -1.00%

Function 08211A0A Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51d0d45eaee3ac0c3eb557ffb5528b59e66bb632320ac0ea892d53b7ccc38abb
Instruction ID: 269b5fa234f49f943b23c7c653bc8f18aa5ea4863dc8a652c527c61c29c73796
Opcode Fuzzy Hash: 51d0d45eaee3ac0c3eb557ffb5528b59e66bb632320ac0ea892d53b7ccc38abb
Instruction Fuzzy Hash: 1731D1343206018B8F156638951463E3AE6EFE1693728106ED606CB3A5DF74CC52CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0821FD82 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cd3ff3fdacac414e2fcfd3367b66cb90567cf097b95bb2fd8478a771f2d87aa
Instruction ID: 1057c1e2f831b37cc8d3aa425daea1f47c7b951057bd8bb042ff344f158c5863
Opcode Fuzzy Hash: 2cd3ff3fdacac414e2fcfd3367b66cb90567cf097b95bb2fd8478a771f2d87aa
Instruction Fuzzy Hash: FE41E874E102199FCF04DFA8D9545AEBBF2FF88201F24806AD516B7395DB349942CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 08211130 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abbbf767ad012f90c3095eb1a4cafd91ea0c2e8d9d5e2ee5d20515965bd721f4
Instruction ID: 6bd1fc4359c9e74d950779ca113050c5bb72511d60c96a056ee0799354233908
Opcode Fuzzy Hash: abbbf767ad012f90c3095eb1a4cafd91ea0c2e8d9d5e2ee5d20515965bd721f4
Instruction Fuzzy Hash: 373148303606118FCB58DB29C844B6AB3E6BF89611F2590ADE51ACB361EF30E845CB50

Uniqueness

Uniqueness Score: -1.00%

Function 08215318 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 709c6a0784937b19c9a7d1492976b3e0532274a83c82326f8df71ad878117f13
Instruction ID: c50c67a7efc582bfc1c98f7430dd23f71d5ec92413f61ddc7e0a37ec72e651dc
Opcode Fuzzy Hash: 709c6a0784937b19c9a7d1492976b3e0532274a83c82326f8df71ad878117f13
Instruction Fuzzy Hash: 6D313C357102159FCF14DF68C984A6DBBB6BF88721F2042A9E5259B3B1CB71DD41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01915A28 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 760e8a8aff4e262c82e6bc1fb5ef727462a61f6683174ac098ed7d98d2b70f05
Instruction ID: 3ab561939c0d658d5ec98866ccbcd35011fc5af72a4c0552528f7be11e9b2f49
Opcode Fuzzy Hash: 760e8a8aff4e262c82e6bc1fb5ef727462a61f6683174ac098ed7d98d2b70f05
Instruction Fuzzy Hash: BA3181317002099FEB059F68D498AAE7B76FBD9311F418028F90997355CB75CC51EF90

Uniqueness

Uniqueness Score: -1.00%

Function 08211120 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0afc34ab251929b6e80dc6f637ca5593fea720d698fe6685cbe8c4659c1f32da
Instruction ID: 5cc8a6895281c31eb1d97f19effe685b627678f14d4df7cfee661166e88831cb
Opcode Fuzzy Hash: 0afc34ab251929b6e80dc6f637ca5593fea720d698fe6685cbe8c4659c1f32da
Instruction Fuzzy Hash: 92313C343106118FCB54DB28C844F5AB7F6BF99605F2590AEE55ACB371EB30E815CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0191DAF8 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6f542eb84cd4e5c1eadab5aa57f1d51fdd4406c181e7ef6c889c45e3410d8e5
Instruction ID: ad934c6c9d8b5db0c0ef159ee8b3b41da2ee1c509fdb62ab5a928b298701a598
Opcode Fuzzy Hash: e6f542eb84cd4e5c1eadab5aa57f1d51fdd4406c181e7ef6c889c45e3410d8e5
Instruction Fuzzy Hash: A5210D3130825C5FDB069AB9981C96A7FEEAFD92507144467F509C735ADD208C45C3A1

Uniqueness

Uniqueness Score: -1.00%

Function 08211A18 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43c9cf958a93bc4e58c5c02d72f8ad76cefa9ba77924499434083222c3a1f5a3
Instruction ID: 214f7d6a3678d839874ecefd00c7b1b5d668790680742cd33c865bfdd404f5fc
Opcode Fuzzy Hash: 43c9cf958a93bc4e58c5c02d72f8ad76cefa9ba77924499434083222c3a1f5a3
Instruction Fuzzy Hash: 5521D7343606068B9F55267D562823E39DBDFD4693328502DDA06CB399EE35CC52CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 01916BAF Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2819c32ff62c803c6c4de3d11c0a0486c6258b94c13c06e8d99fd1fbeb79352a
Instruction ID: fa025cf971614a3dce80e83a9c3403c35d6476f83a13923faa27ea04625b4b82
Opcode Fuzzy Hash: 2819c32ff62c803c6c4de3d11c0a0486c6258b94c13c06e8d99fd1fbeb79352a
Instruction Fuzzy Hash: D6214535F046058FD7259A2DD458A2EBB6AFFC57227048079EA0ADB369CE60CC4287D0

Uniqueness

Uniqueness Score: -1.00%

Function 08216097 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26d98cb75417643c7b7fec6f35c62f71d76eef2f9c562bce7e6c3f8a1db3b252
Instruction ID: 7b4f6398833b8060da5a586043fdf40c21d360bc1875115eef62b2b1156fceb3
Opcode Fuzzy Hash: 26d98cb75417643c7b7fec6f35c62f71d76eef2f9c562bce7e6c3f8a1db3b252
Instruction Fuzzy Hash: 9421F730214345CFCB24DE74D8408ABBBF6FFA2202724466EE49596381D736D956C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 082116D5 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3944c6eed2dbdf90c62b8fc7de1a33c99cd8e676150d8c46f55c1df9a802aa85
Instruction ID: 153f61298a00894c336a6c002bdf66983475be005640b12ca38680d2347e1da1
Opcode Fuzzy Hash: 3944c6eed2dbdf90c62b8fc7de1a33c99cd8e676150d8c46f55c1df9a802aa85
Instruction Fuzzy Hash: D7314C34620209DFCB54DF68C544AADB7F2EF88322F245068D901AB3A4DB31EC96CF21

Uniqueness

Uniqueness Score: -1.00%

Function 082160A8 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13273da36f87e20b9300f29959c317f81d6884fb169a56c95deb8e4287d56f43
Instruction ID: d78ff89eb27272ca8c6a23d6728bf2467973beabadec111982441378c618a448
Opcode Fuzzy Hash: 13273da36f87e20b9300f29959c317f81d6884fb169a56c95deb8e4287d56f43
Instruction Fuzzy Hash: A1219234220705CFCB24DE75C8508AAF7F6FFA22067204A7DE45657391DB36E996CB50

Uniqueness

Uniqueness Score: -1.00%

Function 08210D20 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3553686982a6cc0e256aad40a29ab0f6669d88a4cd059414d5c49bcbaeec5801
Instruction ID: 25085f22716cf1fd0309d15b772616395c94d7080a3d90877f6f2f8c2e9fd310
Opcode Fuzzy Hash: 3553686982a6cc0e256aad40a29ab0f6669d88a4cd059414d5c49bcbaeec5801
Instruction Fuzzy Hash: 43312A31250601CFCB54DB28C448BA6B7E6FF85311F6485AAE15ECB3A5DF70E88ACB50

Uniqueness

Uniqueness Score: -1.00%

Function 0177D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383002141.000000000177D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0177D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_177d000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17aae8b7bc4010c5e2494e043c6afd6335e466c845b6382a7c69fe6ecfa247c1
Instruction ID: 7611be77be34bb4d8fa03ec32b9fe0e7d4f0cd7858a6bd3beee52434da462a1f
Opcode Fuzzy Hash: 17aae8b7bc4010c5e2494e043c6afd6335e466c845b6382a7c69fe6ecfa247c1
Instruction Fuzzy Hash: F821D071608200EFDF25DF98D980B26FBA5FF88324F24C6ADE9494B256C336D446CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0177D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383002141.000000000177D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0177D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_177d000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27db4e361d0ea182927600c1beb3fc0d00e27db62ca1faa31db4bb355c0dc472
Instruction ID: 0cd6dbedf42b7889064a75fd2f91a3ee0b871611a767dc30cd7edefb27234645
Opcode Fuzzy Hash: 27db4e361d0ea182927600c1beb3fc0d00e27db62ca1faa31db4bb355c0dc472
Instruction Fuzzy Hash: AA210071604200DFCF26DF58D984B26FBA5EF88314F20C5ADD80A4B256C33AD446CA61

Uniqueness

Uniqueness Score: -1.00%

Function 082112C1 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2a992c6d125031335ce1cab0b7057c1f22d13022bb3ff4b0425e5d173bed4cb
Instruction ID: e94556ac5cfcad4bb5f7332c9285119aeaa33648e36a3bb13b25cc50c79eab0f
Opcode Fuzzy Hash: b2a992c6d125031335ce1cab0b7057c1f22d13022bb3ff4b0425e5d173bed4cb
Instruction Fuzzy Hash: EA311834210601CFC754DB28D448B9677E2FF85315F1584AEE15ACB365DF70E88ACB50

Uniqueness

Uniqueness Score: -1.00%

Function 01914528 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dd3800142086674a03842eb62e26a084b6dc5b5cfae02ff1aadb7b4321e3a06
Instruction ID: 96db3032d6c7faf0912504e72289ba1c2d4c0fce4f32a06a6180e94bac329322
Opcode Fuzzy Hash: 2dd3800142086674a03842eb62e26a084b6dc5b5cfae02ff1aadb7b4321e3a06
Instruction Fuzzy Hash: 74213B74D012098BDB04DFAAD5087EEFAF6BB8D311F049429E505B3294DB384A45CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 01915A18 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83919b6e30077f3e5cfa9ce3b2ada3ca950b345bcc0e53c163052ca1df4ec747
Instruction ID: e19fdc061140d2dfc795bcd28f1c23969d52da6fc513248705335133c1db9f47
Opcode Fuzzy Hash: 83919b6e30077f3e5cfa9ce3b2ada3ca950b345bcc0e53c163052ca1df4ec747
Instruction Fuzzy Hash: F821F6327502099FE7059F68E498B6E7B65FBC6310F028039E90D9B345CB74DC80DB90

Uniqueness

Uniqueness Score: -1.00%

Function 019188C1 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c7a70cfb2fc906f2349c205c5558a00840bdef34f6e9edd3854d8c2e8e4bec2
Instruction ID: a58cb33fdb8023bd423613b655f600ee0f9c5dda902577cc744762da6ccf0086
Opcode Fuzzy Hash: 3c7a70cfb2fc906f2349c205c5558a00840bdef34f6e9edd3854d8c2e8e4bec2
Instruction Fuzzy Hash: C3216D35600209AFDB059F68D849FEEBBBABB8C311F148169F919A7354DA70AC41DB90

Uniqueness

Uniqueness Score: -1.00%

Function 01914518 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b90f12186f4cd7b90c760184b10f3091c9626d2ed3561819e9eca839117e2fc
Instruction ID: 35b6765cd149a814a1f663780415f1e503384fa460a509d9a07ca19ce1d6851b
Opcode Fuzzy Hash: 6b90f12186f4cd7b90c760184b10f3091c9626d2ed3561819e9eca839117e2fc
Instruction Fuzzy Hash: C911C471D0520CCBDB04CFEAC415BEEBFF6AB8E311F14946AD60867298DB344A48CB51

Uniqueness

Uniqueness Score: -1.00%

Function 08210C78 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed066f2806f7eac8b1860a0bf02b3d7e01a628839d486017501acfac0e609540
Instruction ID: 53626782c73e47dbabc0812979e5dbff51f46d40c0242d72f256c1aacfc257cb
Opcode Fuzzy Hash: ed066f2806f7eac8b1860a0bf02b3d7e01a628839d486017501acfac0e609540
Instruction Fuzzy Hash: 4A116032710605CFCB24AF39D950829B7F5FF9621172445ADE45ADB270EA31EC85CB51

Uniqueness

Uniqueness Score: -1.00%

Function 08210C67 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71cc0121f15d8c539750d967ad148d8493a67ada356379fa6e0395f371573f8b
Instruction ID: 22897086e2db059c2d25f25b3cf75dd29c1325f8fdea3f10d0216faadff120c3
Opcode Fuzzy Hash: 71cc0121f15d8c539750d967ad148d8493a67ada356379fa6e0395f371573f8b
Instruction Fuzzy Hash: 7A11CE32314600CFCB249F79E99486A7BF5EF9A20232541AEE449CF271DA31DC82CB61

Uniqueness

Uniqueness Score: -1.00%

Function 019194E1 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b9d5a42e1768f7454cdadb50d3ec342baf2f6d33483b488b33f7fd4cb31aca2
Instruction ID: e2ba0f786e9ffe46cefce4822501b00fa6773555e2bea49eb4c9cde1335b013d
Opcode Fuzzy Hash: 7b9d5a42e1768f7454cdadb50d3ec342baf2f6d33483b488b33f7fd4cb31aca2
Instruction Fuzzy Hash: 76215974E002098FDB00CFADD854AEDBBF1EF4E314F0481A9E819B72A5DB359945CB20

Uniqueness

Uniqueness Score: -1.00%

Function 0191DB08 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04b5e12090cb482f9ae8eed228822da18f2541ef06dba5cbc95c4c09044bb2c1
Instruction ID: c1b460edcb9c6c3067bed3242d3a83f2246b5c92cbf214a3cb1ef6df25a64d69
Opcode Fuzzy Hash: 04b5e12090cb482f9ae8eed228822da18f2541ef06dba5cbc95c4c09044bb2c1
Instruction Fuzzy Hash: 4201B1307092589FD7051ABA9859AABBEDFBFCA250B148877F50AC3399CD348C468265

Uniqueness

Uniqueness Score: -1.00%

Function 0177D017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383002141.000000000177D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0177D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_177d000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: 0cffa5ff1eb3ae3972fab665d4e4b24c6b152c7376f5372f352eeb30965a36e6
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 1211D075504280CFDB12CF54D5C4B15FF61FF44314F24C6AAD8094B656C33AD41ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 0177D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383002141.000000000177D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0177D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_177d000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: 00b66ce60aeca8b2c469dad71aa06701c63a9c50be8dcfc9c045df474ef23236
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 4C11BB75508280DFDB12CF54C5C4B15FFA1FF84224F28C6AADC494B296C33AD40ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 08213248 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcbbd3d47a4d32e3742463ec2e6e50dfe8b11d0273f6ac3f75652b3895f660f0
Instruction ID: 8e784af26c387fd2ca118bba3638db19a5df960c368a25166cb519d2748c2cbb
Opcode Fuzzy Hash: dcbbd3d47a4d32e3742463ec2e6e50dfe8b11d0273f6ac3f75652b3895f660f0
Instruction Fuzzy Hash: BE01A2343602054F8A98EB7DC46893E77EBEFC925172940AAD906CB368DE78CC428791

Uniqueness

Uniqueness Score: -1.00%

Function 0821EE20 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a3e305766e4e93b15d417686e6545942c2496e7a4693f619f262acdb7d5be86
Instruction ID: f150955cd16e594fdea4dc0aedac34967a71202fbe47bf6f9a43f3cadc7de662
Opcode Fuzzy Hash: 7a3e305766e4e93b15d417686e6545942c2496e7a4693f619f262acdb7d5be86
Instruction Fuzzy Hash: D8115238A50209CFDF54DB68CD409ADB7F2AF94222F551469CC11AB3A0CB31DC85CB71

Uniqueness

Uniqueness Score: -1.00%

Function 019194F0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a4138e73a19f1733c076c41ccaed5fc1b5cece5e61250cc4dc8a578f5d65d0e
Instruction ID: 748ccb16987db4df52983efc7ea54f3aec8ce8d0307b0afc3e26b7560cedb257
Opcode Fuzzy Hash: 0a4138e73a19f1733c076c41ccaed5fc1b5cece5e61250cc4dc8a578f5d65d0e
Instruction Fuzzy Hash: 2B119B74E002098FDB44CFAAD944AADBBF6AB89304F149069E919B7260DB35A941CF64

Uniqueness

Uniqueness Score: -1.00%

Function 0176D85D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2382971553.000000000176D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_176d000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9000984c19ed67c535493d04f99545e6b23bffd65767616bf8c74119fd53898e
Instruction ID: 2a8d0aa82ca7ce1e24e2b3712f1e827df4e9fbeff5781780bb950269bc5d6ab1
Opcode Fuzzy Hash: 9000984c19ed67c535493d04f99545e6b23bffd65767616bf8c74119fd53898e
Instruction Fuzzy Hash: BA01F7312483419AE7209B99C988767FF9CEF41320F18C469ED4C4A286C279D844CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 08213242 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b044354398d60b2ad283cf54d90472bf065b757b8dc1a618fdfcf80c633d283d
Instruction ID: c49e804d5214f46cdf6c070d943f10ad9f61ac5d04960ee5d611c96244c8b1e7
Opcode Fuzzy Hash: b044354398d60b2ad283cf54d90472bf065b757b8dc1a618fdfcf80c633d283d
Instruction Fuzzy Hash: C8F062383501104FC654AB7DD45883E77EBEFC966132940AAE906CB364DE74CC4287D1

Uniqueness

Uniqueness Score: -1.00%

Function 082171B4 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b89772e6f3f0991884218c1132731081b8d9bd7b7cb24e8e8baac3392459f1b
Instruction ID: 00aae5311b36d8afbc63647a59aced61e3173dd25717d147fa070cb338a2d368
Opcode Fuzzy Hash: 9b89772e6f3f0991884218c1132731081b8d9bd7b7cb24e8e8baac3392459f1b
Instruction Fuzzy Hash: AEF0A9353101058FCB14DB1DD888965B7D6EFD5321B650569F50ACB3E1CB70EC45CB50

Uniqueness

Uniqueness Score: -1.00%

Function 08211990 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c704d8250db4f7e58c38a94581cd83c00896f6ee67d94e5ff1355910f24f659
Instruction ID: 73bdd082bad962e2c1ceefdfe184eb54766c867e153033990e02431df8185143
Opcode Fuzzy Hash: 7c704d8250db4f7e58c38a94581cd83c00896f6ee67d94e5ff1355910f24f659
Instruction Fuzzy Hash: 59F02230321215CFDB1096288A807BA37E6AFD1212F2414BAD295C7261DF34CC01C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 08210D40 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d006c7d0af85de251d599a23c1d2070a93cbac40ddf063d39551137e5e2c6da7
Instruction ID: b80fd253b6df2185f9b8aaa7082c637264306fe0a52de882b4b91dcb71c6a9ae
Opcode Fuzzy Hash: d006c7d0af85de251d599a23c1d2070a93cbac40ddf063d39551137e5e2c6da7
Instruction Fuzzy Hash: DEF02D303302098FDB10AA3D868076A3ACAEBC1612F241429D296C7368DE30EC4187A2

Uniqueness

Uniqueness Score: -1.00%

Function 0821EED0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3bd57141c349104078b3f9d7aa76d1688f1e64b784ff9b0d13d237e2022530b
Instruction ID: 58e8f6ba58c280fc451d101ac41c82387a0446e457f7f905419d225032225306
Opcode Fuzzy Hash: b3bd57141c349104078b3f9d7aa76d1688f1e64b784ff9b0d13d237e2022530b
Instruction Fuzzy Hash: 5D0186353101018FCB15DB2CD888699B7E6EF89225B1A05A9D949CB3A6DB30DC42CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0176D85C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2382971553.000000000176D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0176D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_176d000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c566e251bda02c74ca5335773190981426d384b8c4bf3857c31567be4ee0cc59
Instruction ID: de22d64bde12bcb6e204ad6f349dba7a32aa1bb11bb5fb42c786324047985f1e
Opcode Fuzzy Hash: c566e251bda02c74ca5335773190981426d384b8c4bf3857c31567be4ee0cc59
Instruction Fuzzy Hash: 20F062715443449EE7218B1AC8C8B66FFACEB81724F18C45AED4C5A286C3799844CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 082115B9 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d61431887c3ab6be5a20895d9f60dea5d0205d37210a98b3d9f12167fb89acd5
Instruction ID: f2973773fe468e8ef604bf741731fd70102080e2df1b523fcd0a6f2aed30ca7f
Opcode Fuzzy Hash: d61431887c3ab6be5a20895d9f60dea5d0205d37210a98b3d9f12167fb89acd5
Instruction Fuzzy Hash: 2601D239610508CFCB14CF68C084A987BF1EF58322F204199E906AB3A1C731ED91CF50

Uniqueness

Uniqueness Score: -1.00%

Function 08217B28 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5d251e80598ad0a232327e451e767db3c5e29f5c556676d34017fbae981d98a
Instruction ID: 0c0a9aad8d510ede5098a2329446f8c6cdccb475cdb58583c702b17b1b9bec35
Opcode Fuzzy Hash: f5d251e80598ad0a232327e451e767db3c5e29f5c556676d34017fbae981d98a
Instruction Fuzzy Hash: 9DE092707093529FDB299A30586057677E66FE2206B2005BEE586CB381D736CC02C390

Uniqueness

Uniqueness Score: -1.00%

Function 0191FE60 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce33b0a2f77ddace1bce62424050d9e4ffa8d99874c7ce9e66437162980f0584
Instruction ID: 03f4febd15e49684bacd669e29475276edbb66955aae80ab1f5d8836db306fae
Opcode Fuzzy Hash: ce33b0a2f77ddace1bce62424050d9e4ffa8d99874c7ce9e66437162980f0584
Instruction Fuzzy Hash: DDE0923231051C8BDB15A6ACF800AEE77DDEB407A67040067F50EC3216CB15F8408BA1

Uniqueness

Uniqueness Score: -1.00%

Function 0191CFB1 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c4e2d114e1aec21ab4d9db5c4da92fd91edaf257e1de7bb69e32341e4f0603f
Instruction ID: a238b28e95c94c9046414f04c4f70b3675ef4c2727a5e23f61926ec3178ddac9
Opcode Fuzzy Hash: 0c4e2d114e1aec21ab4d9db5c4da92fd91edaf257e1de7bb69e32341e4f0603f
Instruction Fuzzy Hash: 8FF0A771D0864D5FCB55DFB8C445B6ABFF09B04250F0481A9D458DB38BF771894187C1

Uniqueness

Uniqueness Score: -1.00%

Function 019191B8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6656e53fe96c2685dc0b255248302e360e868f78c3308b7eaeb465c0a84bde21
Instruction ID: 6508c6c807a56273bbcea2e3932c252bf56ac9961f3b77d0ca5baada7195d86b
Opcode Fuzzy Hash: 6656e53fe96c2685dc0b255248302e360e868f78c3308b7eaeb465c0a84bde21
Instruction Fuzzy Hash: E0F082B1C092889FE711CFA584693ACBFB4EB56245F44C4DBD84997255D2344785DB01

Uniqueness

Uniqueness Score: -1.00%

Function 019152A8 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abad319ef32743ba4cdc7036e332e5aeae5f85046e01d79cb1d5276c93668777
Instruction ID: 21d0b585a0cec0bcb89992804d678edeff8a2e738759f0c91b50edc8ab1cb1aa
Opcode Fuzzy Hash: abad319ef32743ba4cdc7036e332e5aeae5f85046e01d79cb1d5276c93668777
Instruction Fuzzy Hash: ADF0A071D09208EFEB04DBB8A4496CCBFF49B5B300F6188A2E808E3215E6300A40C740

Uniqueness

Uniqueness Score: -1.00%

Function 0191FE51 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f095b28e90c83f8cc7f40a152d13831b37d6eb875a6445a6ae13d2aa02b5da0
Instruction ID: 1187e43cc1e30b3fc9e1c06bb0f09f4ca706a85bd9610b7e490ddf446c8a86c4
Opcode Fuzzy Hash: 2f095b28e90c83f8cc7f40a152d13831b37d6eb875a6445a6ae13d2aa02b5da0
Instruction Fuzzy Hash: ADE02B313112088BDB11576CFC40A8B379DEB013557054455F489CB317C754F84087B0

Uniqueness

Uniqueness Score: -1.00%

Function 01914618 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ae48eefcbcde917a27a6a817742ba379276956b2f4aefbe983db891dc4d3b05
Instruction ID: 248deff191721971e58ee0514d702816acfe187dc94ab2bc3372d17ed526fdd1
Opcode Fuzzy Hash: 4ae48eefcbcde917a27a6a817742ba379276956b2f4aefbe983db891dc4d3b05
Instruction Fuzzy Hash: 67E07D62E0D148CFCB018B748C055B43F34DD5B2857010CE9C04DCB429D720D65BE320

Uniqueness

Uniqueness Score: -1.00%

Function 0191FDC8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 212ef370e731b7adcb3bd75738e94d16a119505b62962f568caccedab8c96ae9
Instruction ID: f4fa3bd32be55c441170ea33a13670ee426a15c0540ef1ed7507b2744ead3b02
Opcode Fuzzy Hash: 212ef370e731b7adcb3bd75738e94d16a119505b62962f568caccedab8c96ae9
Instruction Fuzzy Hash: 96E0EC323405288B5A14ABADF5448BA7BDCEB4866530500E6F60DC7651DF51EC4087E5

Uniqueness

Uniqueness Score: -1.00%

Function 019154DC Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4137ac7dc9a1948eb81380b67c5c13035f2410c7322c3743c0fa6111b1187392
Instruction ID: 84b7b59b9395cddaa83de5216cae8c504ebec2d81cd3848516688998a3037f9c
Opcode Fuzzy Hash: 4137ac7dc9a1948eb81380b67c5c13035f2410c7322c3743c0fa6111b1187392
Instruction Fuzzy Hash: 46F065F1D083898FD710DBA5C5457ADBFF0DB56300F1600A6C045DB255D2B89A41DB01

Uniqueness

Uniqueness Score: -1.00%

Function 019152B8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d81e7c794677392cc55f490862cb73aed7193478f170fbd2458ee575b3669df
Instruction ID: 740ebde68c451775400ce91ce73c5111580974045c58b2a67563926bcd136cbd
Opcode Fuzzy Hash: 1d81e7c794677392cc55f490862cb73aed7193478f170fbd2458ee575b3669df
Instruction Fuzzy Hash: C0E01A74D05208DBEB40EFB9A54969CBBF4AB49301F2095A6A808A3204EB300A809B40

Uniqueness

Uniqueness Score: -1.00%

Function 0191F220 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30ecfcecba644b3408c69cb3cadab36ce27286889f4852c2c76908cad9c444ba
Instruction ID: 0a82f9bdd6456cf9055ff50cd06b3f7c836b1a3771a7fa0f8b8f324fbcb69bd5
Opcode Fuzzy Hash: 30ecfcecba644b3408c69cb3cadab36ce27286889f4852c2c76908cad9c444ba
Instruction Fuzzy Hash: 48E0CD3454534A4FD7025274B8581AC3B759D813847144963D005C557BD6658CCE5281

Uniqueness

Uniqueness Score: -1.00%

Function 0191E29E Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c239eca9e19ba0b3de86fbced03c7e66e89b79a52da3e7629d07dea1b2d0dd5d
Instruction ID: b2369cf4e761f585291b7f0db494a270c628950892b286c895621fad5f37a5c2
Opcode Fuzzy Hash: c239eca9e19ba0b3de86fbced03c7e66e89b79a52da3e7629d07dea1b2d0dd5d
Instruction Fuzzy Hash: 9DE01A7AE04218AFDF648F61AC44AADFB36FFC8221F10C4A6F24991104CF3009A8DF01

Uniqueness

Uniqueness Score: -1.00%

Function 0191E275 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f034f6e7010b5a55d56e0eaa02d3f54b0b7d5b427ba7560633b547b95b13f48c
Instruction ID: db10421bd937bceb5b026b312f1ef735232798bc6c49d92c149aaed13e7588d9
Opcode Fuzzy Hash: f034f6e7010b5a55d56e0eaa02d3f54b0b7d5b427ba7560633b547b95b13f48c
Instruction Fuzzy Hash: 33D05E3BB44114CBD728DB34A4985ADF7A3FBCC231B11C076E50AD2608DF3009599B41

Uniqueness

Uniqueness Score: -1.00%

Function 0191CFC0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f36dcf25acb6c5fe28f8c17a8516078967c0a7f7bd5e29b382a0e2d1115a13fa
Instruction ID: b366bf7cb0fb8fc1091b8bf4f26a0f965dd22b1e47ef564d159775ac22456643
Opcode Fuzzy Hash: f36dcf25acb6c5fe28f8c17a8516078967c0a7f7bd5e29b382a0e2d1115a13fa
Instruction Fuzzy Hash: A8E0E270E0420C9FDB84EFA9C846BAEBFF4AB48200F10816AD808E6244F7715A958BC1

Uniqueness

Uniqueness Score: -1.00%

Function 0191897D Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcddb47b43cc902014543aea799b8b73e23b1a26fc564043652a27e83634e5da
Instruction ID: 37045229f7f6fc5901c06ba94f4fd73921c1bb7b81bb0fa35ac201c3e99d4f11
Opcode Fuzzy Hash: fcddb47b43cc902014543aea799b8b73e23b1a26fc564043652a27e83634e5da
Instruction Fuzzy Hash: 1AD0677AB40018DFCB049F99E884DDDBBB6FB98221B148126F925A3261CA31A961DB54

Uniqueness

Uniqueness Score: -1.00%

Function 0191F230 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb51b8fc291a38d7d9b8cd8c8ee325be1df70b42fa36c920c915e7b20c1b60b3
Instruction ID: e7d8af8a98a4114157a09b2ddd1d16a53ef5031ae75b11fa80d9fbcbd41b911a
Opcode Fuzzy Hash: fb51b8fc291a38d7d9b8cd8c8ee325be1df70b42fa36c920c915e7b20c1b60b3
Instruction Fuzzy Hash: 9DC0123454020A8EC605F779F94CA1D772EEAC0304744C530A00905269DF796CCD56D1

Uniqueness

Uniqueness Score: -1.00%

Function 0191FDA1 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1971b8622bc12dc0911d0f38524e5d49739230a3b7385a61c8fafa68dd7c9838
Instruction ID: 0440e346d0f2fc72ce81be7ee2c69de09bb875f5f7a86ef73ea0fc69a7e4cb68
Opcode Fuzzy Hash: 1971b8622bc12dc0911d0f38524e5d49739230a3b7385a61c8fafa68dd7c9838
Instruction Fuzzy Hash: C0B092D19892895FDF532E20AC649223E262E9220139A80D2A6C44B127DA400A04A760

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 08213C20 Relevance: 8.3, Strings: 6, Instructions: 845COMMON

Download Yara Rule

Strings

Hoq, xrefs: 08214C5A
Hoq, xrefs: 0821461A
Hoq, xrefs: 08214838
Hoq, xrefs: 08214A3C
Hoq, xrefs: 08214679
Hoq, xrefs: 08214A9B

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Hoq$Hoq$Hoq$Hoq$Hoq$Hoq
API String ID: 0-688389690
Opcode ID: 31d36dc09c8481c4785a3e8a7c9c1354c27f3c8e4ed37d70dfeddb9eb4a0801e
Instruction ID: f0459d5e706ec9c4fc9811b7fe98cae58f31befe9c7a7c203279028272d0e1d3
Opcode Fuzzy Hash: 31d36dc09c8481c4785a3e8a7c9c1354c27f3c8e4ed37d70dfeddb9eb4a0801e
Instruction Fuzzy Hash: F052CD30B142158FCB58AB78C85466EBBEBBFD5310B648579E40ADB3A9CE30DC06C795

Uniqueness

Uniqueness Score: -1.00%

Function 0191A7F0 Relevance: 2.8, Strings: 2, Instructions: 260COMMON

Download Yara Rule

Strings

$kq, xrefs: 0191A806
Xoq, xrefs: 0191A81F

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq$$kq
API String ID: 0-227003152
Opcode ID: 88536235fab48892e3ee5860e87a2a0ce8fe74a33c81861895dd3bb5f9b35449
Instruction ID: 772ed66a9559be7cd933de1e2248d03a328083f7ac4169663eea5c041a6f6f64
Opcode Fuzzy Hash: 88536235fab48892e3ee5860e87a2a0ce8fe74a33c81861895dd3bb5f9b35449
Instruction Fuzzy Hash: 0181AE75B01259CFDB18AF79895467EBBB7BFC8710B14C829E40AE728CCE348C468795

Uniqueness

Uniqueness Score: -1.00%

Function 08C53B18 Relevance: 1.4, Strings: 1, Instructions: 197COMMON

Download Yara Rule

Strings

L~, xrefs: 08C53C0E

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: L~
API String ID: 0-3876828424
Opcode ID: 101748114da914d4567ed3db5df74242ab4ecaaf6b21319ee20b5bb4507e1ead
Instruction ID: 020fb1a1523fedc2cd8aa46fc0697e6f274483009f4c2e296b4e75bb5ba96fa4
Opcode Fuzzy Hash: 101748114da914d4567ed3db5df74242ab4ecaaf6b21319ee20b5bb4507e1ead
Instruction Fuzzy Hash: 2C912334E15219CFCB04CFAAC58589EFBF2FF89251F24956AD415AB324D330AA42CF58

Uniqueness

Uniqueness Score: -1.00%

Function 087A5EA0 Relevance: .7, Instructions: 717COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398267295.00000000087A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_87a0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93a92804e8891b8a54b93d517c0d290896b6a8470963398edfb2927c20d736cb
Instruction ID: 8a4c9a520e1cd8e64c42ce2ad81a28585dc5023fec23faee8d52652252b5553f
Opcode Fuzzy Hash: 93a92804e8891b8a54b93d517c0d290896b6a8470963398edfb2927c20d736cb
Instruction Fuzzy Hash: F932D130E142458FCB05EFB8D99859DBBF6FF89200B15816ED049EB26ADF389C45CB61

Uniqueness

Uniqueness Score: -1.00%

Function 087A5E6D Relevance: .6, Instructions: 574COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398267295.00000000087A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 087A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_87a0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0eae31eb1dfcd1c8a47d5fab5d6c52d843fa3a22a39bb808fda837c255a7581
Instruction ID: e9e3d5b15e6040348105e28cbc40e07df9708e981d524ddccb7b3c6a9e5cb15a
Opcode Fuzzy Hash: c0eae31eb1dfcd1c8a47d5fab5d6c52d843fa3a22a39bb808fda837c255a7581
Instruction Fuzzy Hash: 4222AE71E102158FCB04EFB9D99856EBBF6FFC8200B15856DD009A7269DE389C45CB64

Uniqueness

Uniqueness Score: -1.00%

Function 08212968 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cef3ea321129df19bbf32fcbd66f422b5cad9f93a22b04588d1b8b65dffd055e
Instruction ID: 2a267e5f7d299fd4a8f463b9a02ff44894cff8c23c860fe59db09275d33928bb
Opcode Fuzzy Hash: cef3ea321129df19bbf32fcbd66f422b5cad9f93a22b04588d1b8b65dffd055e
Instruction Fuzzy Hash: DFA18170B042559FDB98ABB8851477F6AEBAFC4340F64857DE00AEB39CCE349D428791

Uniqueness

Uniqueness Score: -1.00%

Function 06D93410 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396193709.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bced9ea4e18f8b661685dd8521c8061956ac6e8eaa914a599ac6009fe2869e9a
Instruction ID: 864fa9a40769ae55a5919d48903ba2b82c402e88971ff5f9cda595df4f504119
Opcode Fuzzy Hash: bced9ea4e18f8b661685dd8521c8061956ac6e8eaa914a599ac6009fe2869e9a
Instruction Fuzzy Hash: 1212C8B44A2756ABD310CF65E98E1A93FB2B740314B70C309E9612F2E1DFB4154AEF54

Uniqueness

Uniqueness Score: -1.00%

Function 05DA17B0 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2395111089.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5da0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 884d3cefd0d2d391f99c751fb7f2c105f3db6e4ada71f9b9fb3a7fcee7d88435
Instruction ID: 8e50e90e601e86cf6f856227663cecd34dac9ab836dda87d2edb5646970187ac
Opcode Fuzzy Hash: 884d3cefd0d2d391f99c751fb7f2c105f3db6e4ada71f9b9fb3a7fcee7d88435
Instruction Fuzzy Hash: 6AD1C474E002189FDB54DFA9D954B9EBBF2BF88300F2481AAE509AB394DB305D85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 08233B11 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2397067167.0000000008230000.00000040.00000800.00020000.00000000.sdmp, Offset: 08230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8230000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a12c56fe7b01245e793635c3f910ac57c63fd2b039e6d9dc8f7c05fbc79a39f
Instruction ID: 0c0d99db8ecc560fd78668dcb2ed8a1d43622f6e34332d2e5adc37f5e094388e
Opcode Fuzzy Hash: 1a12c56fe7b01245e793635c3f910ac57c63fd2b039e6d9dc8f7c05fbc79a39f
Instruction Fuzzy Hash: 28D1F631D20B5A8ECB00EB64D9546ADF7B1FF95300F20879AD40937265EB70AAC9CF91

Uniqueness

Uniqueness Score: -1.00%

Function 05DA17A3 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2395111089.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5da0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e38c0f1748814278600102e30c3766af56202d9ab7c10dd41d3cba25b8dce3b4
Instruction ID: fc22ac2aab34017de05e003c81f9fc384606a4de92d92c2cb419081da54a9b57
Opcode Fuzzy Hash: e38c0f1748814278600102e30c3766af56202d9ab7c10dd41d3cba25b8dce3b4
Instruction Fuzzy Hash: 96C1A274E002189FEB54DFA9D944B9EBBF2BF88300F1481AAE509AB394DB305D85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 06D9161C Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396193709.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4928a09b500e42f893e40041ecb9e952c923c370210708b6e2b44aebdd330f3
Instruction ID: c96b56b20d319961ce510cbc5dedc3bc93e29d15ba50f1c26ae60589b5700c0c
Opcode Fuzzy Hash: a4928a09b500e42f893e40041ecb9e952c923c370210708b6e2b44aebdd330f3
Instruction Fuzzy Hash: A5A18132E1020A9FCF45DFB5CC845EEBBB2FF85300B15856AE815AB265DB31D915CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 08233B20 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2397067167.0000000008230000.00000040.00000800.00020000.00000000.sdmp, Offset: 08230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8230000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd64be198588416671358f181e39540fb7a03a312786194d0c79169799d37612
Instruction ID: aad54fbc145247888a3ee7fc334aa45095034e7bc64b12d95da60f9235403dad
Opcode Fuzzy Hash: dd64be198588416671358f181e39540fb7a03a312786194d0c79169799d37612
Instruction Fuzzy Hash: 37D1E731D20B5A8ECB00EB64D9546ADF7B1FF95300F20879AD50937265EB70AAC9CF91

Uniqueness

Uniqueness Score: -1.00%

Function 08C5DDA8 Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bf803fc860d714fd7ed053f031d347fc315cc6527dbd543db106f6af266b9d9
Instruction ID: e0b8a50bcbf7179122ded3653fac45c7ac0d9006135538c1bad221c9c2a3dc1c
Opcode Fuzzy Hash: 6bf803fc860d714fd7ed053f031d347fc315cc6527dbd543db106f6af266b9d9
Instruction Fuzzy Hash: E6A1F270E05318CFCF44CFA6E984A9DBBB2FB89301F14952AD90ABB255D7349981CF18

Uniqueness

Uniqueness Score: -1.00%

Function 06D93400 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2396193709.0000000006D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6d90000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 237d6b470f7f1805b4732df1c832bb81c1e00ec98f670644f73cf27c30e480d8
Instruction ID: acf49f5ef0518ccdca7553a594b7de27c380f1979d9ba5ea2804868ff841e707
Opcode Fuzzy Hash: 237d6b470f7f1805b4732df1c832bb81c1e00ec98f670644f73cf27c30e480d8
Instruction Fuzzy Hash: F4C14CB08A1756ABD710CF65E98E1A97FB2BB80314B70C309E5616B2E0DFB4144AEF54

Uniqueness

Uniqueness Score: -1.00%

Function 05DA10BD Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2395111089.0000000005DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5da0000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceee7cdb035d11efd92401211535dd1b86a23db1a01e60deaa7f23e67831d165
Instruction ID: 7015828f514ab1227443d326e099ced56b18b865732320d32cc1efdc48a9983c
Opcode Fuzzy Hash: ceee7cdb035d11efd92401211535dd1b86a23db1a01e60deaa7f23e67831d165
Instruction Fuzzy Hash: 7F610F35172705DFDB814B6EF98B2C77BF8EF9A32834A9062E584C6700CF789856DA11

Uniqueness

Uniqueness Score: -1.00%

Function 08C54FC0 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebbb623a7e2ba355d78612814c1808954197aa848798f661e1266108fc237702
Instruction ID: 8e4f47c7a2d2966d16e1dfead1fa839347f8396be4b21ddc5a8a8775a50dd7d5
Opcode Fuzzy Hash: ebbb623a7e2ba355d78612814c1808954197aa848798f661e1266108fc237702
Instruction Fuzzy Hash: C271B374E05209DFCF04CFAAD5809DEFBF2EF89211F24A46AD415B7314D7749A818BA8

Uniqueness

Uniqueness Score: -1.00%

Function 08C54FB0 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d09a15e17406e3eb3499273979c82341ac6e48fec5fa251cc45b3e3ab327d97
Instruction ID: c71f8f33f75022ff6b8f3baec40d16f30f68a635fd84fdc7cb2b04591f2e75cc
Opcode Fuzzy Hash: 7d09a15e17406e3eb3499273979c82341ac6e48fec5fa251cc45b3e3ab327d97
Instruction Fuzzy Hash: 5671E674E05209CFCF04CFAAD5809DEFBF2BF89211F24956AD415B7354D7349A828BA8

Uniqueness

Uniqueness Score: -1.00%

Function 08C55E99 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb3e3ee29ac91296371c5fe70d455e306cd380133fc0825cda633648bbf79976
Instruction ID: 8fef07b2424f44d4940da7835da399aabb07fb289cee8ceb0c9349da15ace58e
Opcode Fuzzy Hash: fb3e3ee29ac91296371c5fe70d455e306cd380133fc0825cda633648bbf79976
Instruction Fuzzy Hash: 2061FC71E00658CBDB18CF6BD85469ABBF3EFC5310F18C1AAD509AB225DB300996DF11

Uniqueness

Uniqueness Score: -1.00%

Function 08C54A09 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff340aaf2b0f158e7b42f2f35b313fc7a75de10af938c59dc8f65f44f97fc282
Instruction ID: 09ff0676e28a818129152d7b122a44d5a4100704029d4633ce01acacd70f2147
Opcode Fuzzy Hash: ff340aaf2b0f158e7b42f2f35b313fc7a75de10af938c59dc8f65f44f97fc282
Instruction Fuzzy Hash: 4561F4B1D0461A9FDF08CFAAD4815EEFBB1AF89301F14C55AD815AB344D7349A828F98

Uniqueness

Uniqueness Score: -1.00%

Function 08C54709 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2169a4101bc90a248caa86569e50fc65bdaba857611d68881ffa3eb673a54101
Instruction ID: 4c6d69056f31d3a65c2cec4ad2e07ad8beaf85b1f31acbec12c6e77745a344de
Opcode Fuzzy Hash: 2169a4101bc90a248caa86569e50fc65bdaba857611d68881ffa3eb673a54101
Instruction Fuzzy Hash: AF6117B4D0524ACFCB08CF9AD5809AEFBB2FF89351F14855AD815A7315D334A982CF98

Uniqueness

Uniqueness Score: -1.00%

Function 08C55F0D Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed23fc1240ec639286326d31ce50ab18779e2dd8681d5c9bf223fd2d8f6ba765
Instruction ID: 4c4d0cd132b46283ec0ea588f04da760664c4080073d4d306a7bc34250342d9b
Opcode Fuzzy Hash: ed23fc1240ec639286326d31ce50ab18779e2dd8681d5c9bf223fd2d8f6ba765
Instruction Fuzzy Hash: FA516B71E056588FDB19CF6B9D4469AFBF3AFC9200F18C1BAC44DAA265DB3409458F11

Uniqueness

Uniqueness Score: -1.00%

Function 08C54D78 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0a71836864490b73fc0c31e6652c7dac2eb75df19cd27e1e16356fb9572d697
Instruction ID: 225d0ad8576a611f299c69a3d2afadd7ae6cd979c540862bba3012908fef5dee
Opcode Fuzzy Hash: d0a71836864490b73fc0c31e6652c7dac2eb75df19cd27e1e16356fb9572d697
Instruction Fuzzy Hash: 4641FBB0D0424A9FCF48CFAAC5805AEFBF2BF89311F14D1AAC515A7255D3349682CF98

Uniqueness

Uniqueness Score: -1.00%

Function 08C54D88 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d3e78444994e964a848b5500c7f6c25461ade0fe5295a8a56812c121fae307c
Instruction ID: 383f617c3b36bcb82a1e7ad7da862f955db60747377e06642495dbad1b30c7c9
Opcode Fuzzy Hash: 5d3e78444994e964a848b5500c7f6c25461ade0fe5295a8a56812c121fae307c
Instruction Fuzzy Hash: 4041C9B0E0420A9FDF48CFAAC5415AEFBF2BB88301F14D46AC915A7355D73496918F98

Uniqueness

Uniqueness Score: -1.00%

Function 08C553F0 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b8cc1289818130c0e077b894550d2f1c0cefdf4a992d318f6e5cd108659da52
Instruction ID: 790fc61eb3ed35801eb00c396d66506eb8b568b16e7e0695dfd9439ab731953b
Opcode Fuzzy Hash: 1b8cc1289818130c0e077b894550d2f1c0cefdf4a992d318f6e5cd108659da52
Instruction Fuzzy Hash: C141D771E016188FDB58CFABD84069EFBB3BFC8301F14D0AAD409AB214DB305A868F55

Uniqueness

Uniqueness Score: -1.00%

Function 08C553E1 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef912a3a76e0432682375b273c7e3c3d88a1b8ac1730cb97ea0d54480ad8f122
Instruction ID: 887781bb0ccd5de6fecf0c4cfe7414b9f55211ea30e418c40ebe14becfd883c6
Opcode Fuzzy Hash: ef912a3a76e0432682375b273c7e3c3d88a1b8ac1730cb97ea0d54480ad8f122
Instruction Fuzzy Hash: FB41EA70E056588FDB58CFABD84068EFBF3BF89301F14D0AAD409AB255DB305A868F55

Uniqueness

Uniqueness Score: -1.00%

Function 08C50006 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 648901df6bc101ae9fe3dababaecb403d3a9e329ec89b4a0d2265807baab9b68
Instruction ID: 0f9cd67f3726f82331b1210c79b1c3f595ac6e90fba11f822f1590bcc9a330c6
Opcode Fuzzy Hash: 648901df6bc101ae9fe3dababaecb403d3a9e329ec89b4a0d2265807baab9b68
Instruction Fuzzy Hash: 7B310070D057588FD719CF6AC85069ABFF3AFCA300F09C0AAC455AB266DB344945DF61

Uniqueness

Uniqueness Score: -1.00%

Function 08C50040 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78127f2e8aa98ef803c763ab25620f77ca0182c30df7714f9a3bca2325530f2f
Instruction ID: 8e95b8419833be507edcc9165bb6d0cba41ef5a88d5dfaf5be79a3eda54863c0
Opcode Fuzzy Hash: 78127f2e8aa98ef803c763ab25620f77ca0182c30df7714f9a3bca2325530f2f
Instruction Fuzzy Hash: 0C21A671E006189FEB58CFABD84069EFBF7AFC8300F14C0AAD919A6254EB341A458F51

Uniqueness

Uniqueness Score: -1.00%

Function 08C59108 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f454c294049c391dd99529b18c0455c06a27d33399b5dd35865d6af686c8348e
Instruction ID: 93ba292d29f72babd22e964f374d9de57d76c4bb0ef9ffac9bb38422d0482734
Opcode Fuzzy Hash: f454c294049c391dd99529b18c0455c06a27d33399b5dd35865d6af686c8348e
Instruction Fuzzy Hash: EC213571E01219CBDB08CFAAE8406DEFBF7ABC9210F14C16AD418A7254DB344A458F91

Uniqueness

Uniqueness Score: -1.00%

Function 08C58A78 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62a6d7f6a255287ccc89d7d3d022a15a7b9387365d33f59c0ea32598d9f45e4e
Instruction ID: 3b6fb364a929e723f96bbc15b4f9b424b2a04134f6183635036b87fda01b7253
Opcode Fuzzy Hash: 62a6d7f6a255287ccc89d7d3d022a15a7b9387365d33f59c0ea32598d9f45e4e
Instruction Fuzzy Hash: C8111771E116199BDB58CFAAE9406EEFBF7EBC8310F14C07AD808A7215DB305A458F54

Uniqueness

Uniqueness Score: -1.00%

Function 08C5C7E0 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9624898e3a09d8629cccb937f2e5c37fe8af6ec256dda5ce2d71df7d1bba1ac8
Instruction ID: aee0976ae589d8112574929f6438be32f43caae9b3e42c332cfdab98b1b0e1c2
Opcode Fuzzy Hash: 9624898e3a09d8629cccb937f2e5c37fe8af6ec256dda5ce2d71df7d1bba1ac8
Instruction Fuzzy Hash: 80111471E116198BDB58CFAAD8806EEFBF7EFC8210F14C03AD408A7214DB345A428F95

Uniqueness

Uniqueness Score: -1.00%

Function 08C59770 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 660a5bb6f16f3f48ed013ebcc516dd719359dfe22b675d56df4cd1fed6c6b618
Instruction ID: 7cbb27a0fdab6ff4bcde74eac174b25a2289d4efeb40bf6c6e7739b49d718f24
Opcode Fuzzy Hash: 660a5bb6f16f3f48ed013ebcc516dd719359dfe22b675d56df4cd1fed6c6b618
Instruction Fuzzy Hash: EA111471E11619DBDF58CFABE9406AEFBF7EBC8210F14C06AD408A7214DA305A468F65

Uniqueness

Uniqueness Score: -1.00%

Function 08C590F9 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 690b77794f6fbf78b47d840b5d5f0290e3fe0519a98321208444109d1796c219
Instruction ID: a5f3911e3df6069ccea3d84a650113c8eab184cca6555ecd7f332db8e9098623
Opcode Fuzzy Hash: 690b77794f6fbf78b47d840b5d5f0290e3fe0519a98321208444109d1796c219
Instruction Fuzzy Hash: 43213670E116199BDB48CFAAD8406EEFBF3AFC9300F14C27AD408A6255DB344A868F51

Uniqueness

Uniqueness Score: -1.00%

Function 08C58A77 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2398939831.0000000008C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c50000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20567dd806a7421c52e5ce9fcd2c369d9d1f4eb51bdcd91f1ed77402a9b58948
Instruction ID: 2edbea57688faf3018d7783a5d568782b454dfbf35bf77071f05afc08805a09d
Opcode Fuzzy Hash: 20567dd806a7421c52e5ce9fcd2c369d9d1f4eb51bdcd91f1ed77402a9b58948
Instruction Fuzzy Hash: AD112B70E116199BDB58CFABD9406AEFAF3AFC8300F14C17AD408B7315DA304A458F54

Uniqueness

Uniqueness Score: -1.00%

Function 08215D68 Relevance: 6.4, Strings: 5, Instructions: 184COMMON

Download Yara Rule

Strings

B, xrefs: 08215E3B
@, xrefs: 08215D89
Hoq, xrefs: 08215E85
@, xrefs: 08215E36
B, xrefs: 08215D8E

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: @$@$B$B$Hoq
API String ID: 0-4102350239
Opcode ID: a4dd152b76adeeb31545f76322254d705b94604e2997090635095244e0096c2e
Instruction ID: d9d6e420ac9e5d181924761bbb65d038d18752050756b3fbf4035ca11dc2795b
Opcode Fuzzy Hash: a4dd152b76adeeb31545f76322254d705b94604e2997090635095244e0096c2e
Instruction Fuzzy Hash: F8519035B106058FCB24DF68C58496ABBF6FFD931176445AAE41ACB3A1DB31EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0191DBB0 Relevance: 5.1, Strings: 4, Instructions: 129COMMON

Download Yara Rule

Strings

Xoq, xrefs: 0191DC25
Xoq, xrefs: 0191DBF1
Xoq, xrefs: 0191DCF3
Xoq, xrefs: 0191DCAB

Memory Dump Source

Source File: 00000000.00000002.2383175625.0000000001910000.00000040.00000800.00020000.00000000.sdmp, Offset: 01910000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1910000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: Xoq$Xoq$Xoq$Xoq
API String ID: 0-1961338500
Opcode ID: 78728be08e8bd7fb19ebc7ab5754a7820a2786beb9621a5babd7a724633f5628
Instruction ID: 09df4fb89c9aba246cb086c66e2a5ea3b802abaf741582ae428b8b3073eb60b0
Opcode Fuzzy Hash: 78728be08e8bd7fb19ebc7ab5754a7820a2786beb9621a5babd7a724633f5628
Instruction Fuzzy Hash: 6641F931E4021F8BDF3656AC85547BEAAE9BB84210F1504B5C91EA334DEA70CCC09B91

Uniqueness

Uniqueness Score: -1.00%

Function 08215D57 Relevance: 5.1, Strings: 4, Instructions: 104COMMON

Download Yara Rule

Strings

B, xrefs: 08215E3B
@, xrefs: 08215D89
@, xrefs: 08215E36
B, xrefs: 08215D8E

Memory Dump Source

Source File: 00000000.00000002.2396999205.0000000008210000.00000040.00000800.00020000.00000000.sdmp, Offset: 08210000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8210000_Zapytanie ofertowe (7427-23 ROCKFIN).jbxd

Similarity

API ID:
String ID: @$@$B$B
API String ID: 0-685577651
Opcode ID: a23336b464deb1ff14d398f1653bbec8ef6dc327bad20055277908714038d0f1
Instruction ID: f8fa154876b90fea234781b2915c9a6dbf5b05e29e700bb17c14943a1202a4a3
Opcode Fuzzy Hash: a23336b464deb1ff14d398f1653bbec8ef6dc327bad20055277908714038d0f1
Instruction Fuzzy Hash: 4931AE75B206168FDF14CF69CA8986ABBF5AFD931276440AAE006CB271D730DD41CB91

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: InstallUtil.exePID: 7708, Parent PID: 6580COMMON

Execution Graph

Execution Coverage:	11.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	24
Total number of Limit Nodes:	5

Executed Functions

Function 01699BF2 Relevance: 2.7, Instructions: 2745COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75b724a5a4cb884ecc9da624d321ea4cedfb37bfccac57790a671d13f1349f71
Instruction ID: 385d4c2e7fda688509c1fdfc71515a636da6a016ce0e5aa3d6d40404748b619b
Opcode Fuzzy Hash: 75b724a5a4cb884ecc9da624d321ea4cedfb37bfccac57790a671d13f1349f71
Instruction Fuzzy Hash: E153FA31C10B1A8ACB55EF68C890599F7B1FF99300F11D79AE4587B225FB70AAD4CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0169CDC0 Relevance: 2.3, Instructions: 2333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c12badd8f247c35e87ea5b9031a26a4215acf40b18866a85532b26ee45369f4
Instruction ID: c9447a840a63e35727036927aefd3dd6843d228bdf93309c656af0c3db9d8bb1
Opcode Fuzzy Hash: 6c12badd8f247c35e87ea5b9031a26a4215acf40b18866a85532b26ee45369f4
Instruction Fuzzy Hash: 9A331B31D1061A8FDB11EF68C88069DF7B5FF99300F15C69AD458AB225EB70EAC5CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01694A98 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cf814ca7eaa1682589cc98ccb855cfb6761909cab20bd413e9162e0d9c2a403
Instruction ID: 0fb3e15056dc4a8020ce15a539c30d73ecf2122526288d85d9b82413be12ed5d
Opcode Fuzzy Hash: 1cf814ca7eaa1682589cc98ccb855cfb6761909cab20bd413e9162e0d9c2a403
Instruction Fuzzy Hash: ABB13B71E00209CFDF14CFA9CE8579DBBF6AF88354F148529D815AB358EB749846CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01693E80 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cead241de3f2db180192b12358b251b2f1aff156bb76b667bc8b7c092022f3e9
Instruction ID: aef9888bb3570ada71c9fc4b36708de95863e065ab6de1592b9c56b5d83e3822
Opcode Fuzzy Hash: cead241de3f2db180192b12358b251b2f1aff156bb76b667bc8b7c092022f3e9
Instruction Fuzzy Hash: B1912CB0E002099FDF14CFA9CD857AEBBF6BF58314F148529E415AB354EB749886CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01696ED8 Relevance: 2.6, Strings: 2, Instructions: 146
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LRkq, xrefs: 01696FBD
LRkq, xrefs: 01696F0E

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID: LRkq$LRkq
API String ID: 0-2882777380
Opcode ID: 47f7ec31ce81bfc4cdec225c051667e8583ad06d3dcd3a1da2a0a1bb5032a1cb
Instruction ID: 19e530efe57130381ebf11ead02be749810d071101d512f5362f1b9c0492b3df
Opcode Fuzzy Hash: 47f7ec31ce81bfc4cdec225c051667e8583ad06d3dcd3a1da2a0a1bb5032a1cb
Instruction Fuzzy Hash: 63519070A102158FDF15DF78C9516AEB7B6FF8A300F20846AE405EB395EB759C42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0657E1A1 Relevance: 1.6, APIs: 1, Instructions: 146
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000005.00000002.2928833787.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6570000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2aad17cfa97a4aedc97c7c22b4724d314009921df56146fe1ab735fb4042517
Instruction ID: e80d572bba05690378c75dc8d92e57ec5557b212fa19901472b1f5f060fc466a
Opcode Fuzzy Hash: a2aad17cfa97a4aedc97c7c22b4724d314009921df56146fe1ab735fb4042517
Instruction Fuzzy Hash: F4515971D043969FCB15CFB9D8146EABFF5BF8A210F1481ABD404A7292DB349845CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 0657E288 Relevance: 1.6, APIs: 1, Instructions: 52
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 0657E2EF

Memory Dump Source

Source File: 00000005.00000002.2928833787.0000000006570000.00000040.00000800.00020000.00000000.sdmp, Offset: 06570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_6570000_InstallUtil.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 965bf17f82f7bc4ff9f29c199fb7f1656972c6167d5d91f9925ee40e0f79ce04
Instruction ID: 97bad983cfc4e00afa281e0fb75908b32c1b9f5b87e108646dfea66a73aeeb56
Opcode Fuzzy Hash: 965bf17f82f7bc4ff9f29c199fb7f1656972c6167d5d91f9925ee40e0f79ce04
Instruction Fuzzy Hash: 561123B1C002699BCB20CF9AC545BDEFBF4BF48320F10816AD818B7251D378A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0169F3D5 Relevance: 1.4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

PHkq, xrefs: 0169F523

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID: PHkq
API String ID: 0-902561536
Opcode ID: b62a9306dd4ba0f87bbc5f09fb544d96ab0265155c072b3e615a98b7cf32fe43
Instruction ID: 4ddb2735465ae285897cf6aaa6ece6bfc0b0a7c48bea9704ea11890566bc311e
Opcode Fuzzy Hash: b62a9306dd4ba0f87bbc5f09fb544d96ab0265155c072b3e615a98b7cf32fe43
Instruction Fuzzy Hash: A841D1307012018FCF159F38D99426E7FEAAF89650F2584A9D406DB3AADF35DC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01696F78 Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

LRkq, xrefs: 01696FBD

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID: LRkq
API String ID: 0-1052062081
Opcode ID: 3b71b4579cb296f832b4427822881a03d10e02b089a9e52b6989596729d0da26
Instruction ID: 72d31fa4604238e550e5f8aff6b63c976f5911ca3893faa847278b39303e15ed
Opcode Fuzzy Hash: 3b71b4579cb296f832b4427822881a03d10e02b089a9e52b6989596729d0da26
Instruction Fuzzy Hash: 15316F74E102198BDF15CFA9D9507AEB7BAFF89300F60852AE405EB350EB71A842CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01691488 Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

D, xrefs: 01691488

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID: D
API String ID: 0-2746444292
Opcode ID: e1dcca9d57b7ac3328c13151a66d43681db0a18f7710c2189c6114cd18b62260
Instruction ID: 7664e628b7dc2883e53a12ab8564d90ece226140a8190bc35a8356470575604b
Opcode Fuzzy Hash: e1dcca9d57b7ac3328c13151a66d43681db0a18f7710c2189c6114cd18b62260
Instruction Fuzzy Hash: E021A471A022169FDF219FBC98443AD7BE9EB4A361F24447AE806D7341D736C8428B51

Uniqueness

Uniqueness Score: -1.00%

Function 01696B90 Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

LRkq, xrefs: 01696BD7

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID: LRkq
API String ID: 0-1052062081
Opcode ID: 448e5544a009df8542c6cdfa8f88b4dcc85840be53762dfdbd2f4a5007e4d594
Instruction ID: a38b12e7399635b8c6fa3ed6f2670378501bdecaf62c6a6afe6cf061f2657042
Opcode Fuzzy Hash: 448e5544a009df8542c6cdfa8f88b4dcc85840be53762dfdbd2f4a5007e4d594
Instruction Fuzzy Hash: 9721E130A093518FCB12AF39D4502EA7FB5EF9B310F1085EBC045CB2A9EA798C45C791

Uniqueness

Uniqueness Score: -1.00%

Function 01697908 Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e87733d494548ddaea6d9c41124c0c73f0f8948ba78afc895937a8c226a65555
Instruction ID: dc106a2cd4e516987b2b74561314812116558cfca171113e5a994c1efbf5c7d4
Opcode Fuzzy Hash: e87733d494548ddaea6d9c41124c0c73f0f8948ba78afc895937a8c226a65555
Instruction Fuzzy Hash: BA125B30750102CFCF16AB3DD8956397AA6FB9A341F60893AE405CB365CF35DC4A9B91

Uniqueness

Uniqueness Score: -1.00%

Function 016996E0 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bfec0577c1ba280c9739204b76f0afc68eb5c9618bdf5886a037cc9fe7f92b2
Instruction ID: 2673c4e697a554a6662a9d3293960886fe12966497e8944743b9cd6571eac0c1
Opcode Fuzzy Hash: 6bfec0577c1ba280c9739204b76f0afc68eb5c9618bdf5886a037cc9fe7f92b2
Instruction Fuzzy Hash: 4ED19F70A002058FDF14CF69D9807AEBBBAEF89314F20856AE909DB395DB75DC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01699364 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ad40707b0dec379c8004ac55b07c4df2705fdeb891573b06428db94e317def8
Instruction ID: d304c1198a7c41468782a83cb2da3a92fc1e3d27f5943f76f5c3b099b0b3690e
Opcode Fuzzy Hash: 5ad40707b0dec379c8004ac55b07c4df2705fdeb891573b06428db94e317def8
Instruction Fuzzy Hash: 60C1A174B002148FDF15DF68D984AAEBBB6EF89315F248469E406E7365DB31EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01694A8D Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eca3b3ca89c572f8be13ae26e75297823a9cd13b3533b7ef1c0fc651afa27f29
Instruction ID: 7cf367348282ffe6cce40af726e24d9010a488f22b7d94fffe2859a96349f303
Opcode Fuzzy Hash: eca3b3ca89c572f8be13ae26e75297823a9cd13b3533b7ef1c0fc651afa27f29
Instruction Fuzzy Hash: F8A13971E00249CFDF14CFA8CE8579DBBF5AF48354F148529E819AB358EB749886CB81

Uniqueness

Uniqueness Score: -1.00%

Function 01693E74 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da1d3a2d19f1fa8d0a467b7311822bcda1ae879b1d59dc09bd79c106ca3d9128
Instruction ID: 3eaf6bd841d6bb5c4fe030274da64a5556a58318d3e3e5cf60f8800b36792830
Opcode Fuzzy Hash: da1d3a2d19f1fa8d0a467b7311822bcda1ae879b1d59dc09bd79c106ca3d9128
Instruction Fuzzy Hash: E2A13BB0E00209DFDF14CFA8C9857AEBBF5BF58314F148129E455AB354EB749886CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01694804 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d98de8627bf86a4ea45215cc7cb418856b2c0bf7efbfeee80d016fe0ed366712
Instruction ID: c5af2be632950cb0c57d91bd42c225934eab45c42e37fcd71c1874a86689972e
Opcode Fuzzy Hash: d98de8627bf86a4ea45215cc7cb418856b2c0bf7efbfeee80d016fe0ed366712
Instruction Fuzzy Hash: 24716AB0E00249DFDF10CFA9CA8579EBBF6AF48314F148129E815AB354EB749846CB95

Uniqueness

Uniqueness Score: -1.00%

Function 01694810 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9bf810d83eeae568c31f48d03c55f092ea1244fff0c05e76ba8400a3ae1c312
Instruction ID: 743f74ee4d8fbdc96600d2b5e695842fc2541292aa708e20e173c483070596a0
Opcode Fuzzy Hash: f9bf810d83eeae568c31f48d03c55f092ea1244fff0c05e76ba8400a3ae1c312
Instruction Fuzzy Hash: 5A718EB0E00249DFDF14CFA9CA8479EBBF6BF48314F148129E815AB354EB749846CB85

Uniqueness

Uniqueness Score: -1.00%

Function 01696CDE Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fbd5c16a204ce795fe2c7370ee3667dec9b7802aee53356311cbf4adf1a2279
Instruction ID: 18ce5430528f44e8f9d9cc8e98de048315b2b7a13da112aad057365d931f4087
Opcode Fuzzy Hash: 1fbd5c16a204ce795fe2c7370ee3667dec9b7802aee53356311cbf4adf1a2279
Instruction Fuzzy Hash: DB5104B1D103188FDF14CFA9C885B9DBBB5BF48310F148119E815AB365D7749885CF94

Uniqueness

Uniqueness Score: -1.00%

Function 01696CE8 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab7786dedc2f99c10be2ee3031b8dce243949e9af1b79e13fa9f3927ae5e187d
Instruction ID: 40ed83b73876b68ed9297e4ca2942c7ad609ae025960e5be343e905070213cd3
Opcode Fuzzy Hash: ab7786dedc2f99c10be2ee3031b8dce243949e9af1b79e13fa9f3927ae5e187d
Instruction Fuzzy Hash: BE51F3B1D003188FDF14CFA9C884B9DBBB5BF48314F148519E815AB365D774A884CF95

Uniqueness

Uniqueness Score: -1.00%

Function 01691138 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9811c3c9f1aa7bd9619de9bf4c8e4ba1e1d76f1a1cb5f2286787c7362b7514f
Instruction ID: d218afbda122b71ccf39c500a7ff0125546d56955bf188846e2565898566f813
Opcode Fuzzy Hash: e9811c3c9f1aa7bd9619de9bf4c8e4ba1e1d76f1a1cb5f2286787c7362b7514f
Instruction Fuzzy Hash: 8F51CC30141147CFC605EB2CFA8096E7F6AF79A304B5AE1A9D1004B379DB78AD59CF92

Uniqueness

Uniqueness Score: -1.00%

Function 0169F298 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e3298ac77fdd80c05660fc158cb06019cc0255f278f10df6e43ee96bed34c05
Instruction ID: c15707f9318ee660289c3cc88b761439e1f96d917e76d1847761faab86e6af4e
Opcode Fuzzy Hash: 3e3298ac77fdd80c05660fc158cb06019cc0255f278f10df6e43ee96bed34c05
Instruction Fuzzy Hash: CC319030E002059BCF15CF68D884AAEBBB6EF89310F10C969E806E7355DB75EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 016926DC Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d990a3562be15061ebfaa562e2984440ba799867548a66bf1d4043f68c9d9f78
Instruction ID: a8b422975d3151ffbdcc5ead7439bec264b1db0c5b30ec760053d051613a2751
Opcode Fuzzy Hash: d990a3562be15061ebfaa562e2984440ba799867548a66bf1d4043f68c9d9f78
Instruction Fuzzy Hash: 7441EFB0D00349EFDB10CFA9C994ADEBFB5AF48310F14842AE419AB254DB759949CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01695098 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c50b715125e0ad9f6340fa5bbea663900328a08fe1af110a7d4ad923eb60e02
Instruction ID: fb6232130bffc25021b7c72f85684faf77c9a0419f1df1c2af74558ac0c46fff
Opcode Fuzzy Hash: 8c50b715125e0ad9f6340fa5bbea663900328a08fe1af110a7d4ad923eb60e02
Instruction Fuzzy Hash: CB314D70600306CFDF1AEB78C9516AE77BAEF49355F2144ADD402AB3A4DB3A9D01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0169F2A8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54ddce16786ff6e844bd33bb961331c452e9120cfd4669ee0ebaca82618e92e0
Instruction ID: ad113060a3e7ddbfc32153e23334744ced99ea7200db288f7dae4ac0b3d60739
Opcode Fuzzy Hash: 54ddce16786ff6e844bd33bb961331c452e9120cfd4669ee0ebaca82618e92e0
Instruction Fuzzy Hash: 37318034E102059BCF15CF69D994AAEBBB6EF89310F10C969E806E7354DB75EC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 016926E8 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75cab10230ef9a4ac11f97f5db919747d04276c564c4d29a2cceabfa9edcb030
Instruction ID: 2b24594c5c78f01c4dd32bb3b31d0668c8cd20ee413d674e4b8d14f9018f3d5d
Opcode Fuzzy Hash: 75cab10230ef9a4ac11f97f5db919747d04276c564c4d29a2cceabfa9edcb030
Instruction Fuzzy Hash: AE41E1B0D00349EFDB10DFA9C994ADEBFB9FF48310F108429E419AB254DB75A949CB90

Uniqueness

Uniqueness Score: -1.00%

Function 016950A8 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4231319d74b602214950faba5df723366b5fcc4b284e8221442add8a5da532
Instruction ID: 9453ea78b34386f7251e54b3122ff106fc2add7f0a6c3d958ad7db9b5c36488e
Opcode Fuzzy Hash: 0b4231319d74b602214950faba5df723366b5fcc4b284e8221442add8a5da532
Instruction Fuzzy Hash: 06312D70700216CFDF1AEB78C9506AE77FAAB49345F2004A9D402AB3A4DB36DC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01699250 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98f49d4576f27820f9d3d4070e5a5d0ef69d93e564c0052228ad8bd945491f92
Instruction ID: 3d47aadb6b1d78a19fbd4f9f2df8281b86c0b868330d85f35400ab85fbd98087
Opcode Fuzzy Hash: 98f49d4576f27820f9d3d4070e5a5d0ef69d93e564c0052228ad8bd945491f92
Instruction Fuzzy Hash: 0D319F71E102069BCF05CFA8D9806AEFBB6FF99304F50C529E405EB351DB719846CB90

Uniqueness

Uniqueness Score: -1.00%

Function 016916A0 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b98a3805417c4970ee88e829901441590b362683b09e67ed075662fc003b704
Instruction ID: 07233593dba90661d64315bbb39cb2ebb2d852e645b749fb3685f6fe5be963f8
Opcode Fuzzy Hash: 5b98a3805417c4970ee88e829901441590b362683b09e67ed075662fc003b704
Instruction Fuzzy Hash: 382162306042138FDF219B28ED4477D776EE746324F20966AD546CB36AD738DC458F91

Uniqueness

Uniqueness Score: -1.00%

Function 01699260 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73f2a7f236b712cf71a8efe9da81b551d9c2bf4bb8b0a64285318f031bd68cf7
Instruction ID: a00641e4dd5e46d8148b28b1cec4f956b93e7b710c701c61129594df8aeb4727
Opcode Fuzzy Hash: 73f2a7f236b712cf71a8efe9da81b551d9c2bf4bb8b0a64285318f031bd68cf7
Instruction Fuzzy Hash: 97218230E1020A9BDF05CFA9D9806AEFBB6FF89304F50C529E805EB355DB719846CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01699150 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b38c3605a3ed8b63cd570b3c5a43047cca32d8d262d5e91b527a9a6618004607
Instruction ID: f60534988fd29d2b95c29b2ef9877eda7d60ed2577e54d96998faa895b8f6c1e
Opcode Fuzzy Hash: b38c3605a3ed8b63cd570b3c5a43047cca32d8d262d5e91b527a9a6618004607
Instruction Fuzzy Hash: 6F21A130E102068BDF19CFA4D9446EEB7B6BF99304F10852EE815FB351EB719842CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01691380 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18872519c834381933c0d70a508785a5674bfebf8de0a08ac56e50663d33241b
Instruction ID: f3ff8a465ef5a53bde7f37f6c201f36ac94ccd84c88af5ca11da96c6b07a8d5e
Opcode Fuzzy Hash: 18872519c834381933c0d70a508785a5674bfebf8de0a08ac56e50663d33241b
Instruction Fuzzy Hash: B221C070A062128FDF325778D94836C3A69E74B729F24046ED546C77AAC728C8818742

Uniqueness

Uniqueness Score: -1.00%

Function 014AD030 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2921806694.00000000014AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_14ad000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d3a0beeda73fb5940df4d623414b1248ad14536971640cf405958a1dcccabf6
Instruction ID: 2ecdcad7d6fccffe999c9b2b8adb4b6b503b15939d8cca9c2b7a5c1ecd5e3898
Opcode Fuzzy Hash: 5d3a0beeda73fb5940df4d623414b1248ad14536971640cf405958a1dcccabf6
Instruction Fuzzy Hash: 902167B0948200DFCB11DF58C9C0B26BFA1FB94318F60C56ED80A4B762C336D447CA61

Uniqueness

Uniqueness Score: -1.00%

Function 01691878 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5606b4cc6eecd40afecada8a39dd70c60eca2dc2cbfd741a73dda7870fa0ee84
Instruction ID: e8f95938e3ebfb7cfd8de1bd88f1d9e7b06890fbd23604344f2ef400d509b80d
Opcode Fuzzy Hash: 5606b4cc6eecd40afecada8a39dd70c60eca2dc2cbfd741a73dda7870fa0ee84
Instruction Fuzzy Hash: 33212F30B00206CFDF14EB68C9557AE77FAAF4A365F2004A8D505EB395DB369D41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 01694F88 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab786d8acde06cc963ab8679b8735e1186271a9d56db4b12c4d6120d8a6303df
Instruction ID: e5e03fda654985327f216e92d1cdd434a6885a611136de2d17b6ca7aca52b21a
Opcode Fuzzy Hash: ab786d8acde06cc963ab8679b8735e1186271a9d56db4b12c4d6120d8a6303df
Instruction Fuzzy Hash: F5215A30700205CFDB54EF79D998AAE7BF5EF49301B2044A9E406EB3A5EB369D01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 01699160 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db65fd31742c028f3022ba89c00d407ca07391af3f035abc7953540753351ce4
Instruction ID: f3692b02648509d9fcf019861df2c667f2a461ccf57c680fd57fe457f520fb66
Opcode Fuzzy Hash: db65fd31742c028f3022ba89c00d407ca07391af3f035abc7953540753351ce4
Instruction Fuzzy Hash: 8C218030E1020A9BDF19CFA4D9549AEB7B6BF89304F10C52EE815FB351DB719846CB50

Uniqueness

Uniqueness Score: -1.00%

Function 01691888 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1d76f8ee88f4b91c7406ece075d12de8152db0f3aec3ec897a8f621b12206a4
Instruction ID: f8f636a85e6384f257e0b1795b67e01e637450836a6b09d57d52d09a10e9522f
Opcode Fuzzy Hash: c1d76f8ee88f4b91c7406ece075d12de8152db0f3aec3ec897a8f621b12206a4
Instruction Fuzzy Hash: EA211030B00206CFDF14EB68C9547AE77FAAB8A255F3004A8D505EB3A4DF369D45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 016916B0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53806ab26aab7aa01b41d387e00e2013d75d6f2a3c10aaa870ef44192f3dcaa7
Instruction ID: 37bf14a8e1f7d7c98b96c4d729ca0b6d0d4a37e59afd1365e8782f347508786d
Opcode Fuzzy Hash: 53806ab26aab7aa01b41d387e00e2013d75d6f2a3c10aaa870ef44192f3dcaa7
Instruction Fuzzy Hash: FD210B346401038FDF219728E98477E776EEB4A324F209625D54ACB36ADB38DC858F91

Uniqueness

Uniqueness Score: -1.00%

Function 01694F98 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbf8dbd9097bd5888b96b5541a2fc485f71f8139bdc678a7097231931cc68532
Instruction ID: 334387325aee599a08f9735c7ee0ab0e3e3c67ad4d0a6fc1dd7f50a8ce0499ac
Opcode Fuzzy Hash: bbf8dbd9097bd5888b96b5541a2fc485f71f8139bdc678a7097231931cc68532
Instruction Fuzzy Hash: 20211930700205CFDB14DF79D998AAE77F5EB89245F2044A9E406EB3A4EB369D01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 014AD006 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2921806694.00000000014AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_14ad000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2753f22ea0b26814729e03898ec9d2095066a241c0692511ec1e4506df4d9901
Instruction ID: 76db982b9f2a5a982f21f7a29581ab6f00be555bba63d8f6dd4fdd2f08ca7bb6
Opcode Fuzzy Hash: 2753f22ea0b26814729e03898ec9d2095066a241c0692511ec1e4506df4d9901
Instruction Fuzzy Hash: DC216B7554D3C08FDB03CF64C990715BF71AB46214F29C5EBD8898F6A7C23A980ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 01690838 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb50ed6f7e6b900ad1e81a4da64fbda95db01b1964ee72357882bc2a8fc7c4f9
Instruction ID: be085989992e47876728fa85c1c014def576b302449b060864a5a2bf152ac46c
Opcode Fuzzy Hash: fb50ed6f7e6b900ad1e81a4da64fbda95db01b1964ee72357882bc2a8fc7c4f9
Instruction Fuzzy Hash: 62118230B052059FEF215A789E4437E76ADEB81310F25897AE506DF352DB64CC464BC1

Uniqueness

Uniqueness Score: -1.00%

Function 01690848 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3e93de0226b2e8b2e7efc903acfeefe8ae2f86bab1843f06f10ec44bb81ec03
Instruction ID: 56ad75b8ab4bdb9efa822ef613618f9871a2c13d4fe59fec5a5a1369a524cb5b
Opcode Fuzzy Hash: e3e93de0226b2e8b2e7efc903acfeefe8ae2f86bab1843f06f10ec44bb81ec03
Instruction Fuzzy Hash: C711BF30B002049FEF215A7CCE4472E72ADEB45310F21893AE106DF352DB64CC868BC1

Uniqueness

Uniqueness Score: -1.00%

Function 016980F1 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32ad07683b96a592c2c76b2adf9247fa1bc22f0e42ec744bcdedf70028987992
Instruction ID: 0d717d93d4729030a8e4caa4644bb3c636961d66824ea192cbbf53910e2d2112
Opcode Fuzzy Hash: 32ad07683b96a592c2c76b2adf9247fa1bc22f0e42ec744bcdedf70028987992
Instruction Fuzzy Hash: 2E11813064020ADFCF01EF78E9916ADBBBAEB95300F10857AC505DB365EB35DE499B80

Uniqueness

Uniqueness Score: -1.00%

Function 016917C0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3152e33ff6bb1a1ea4e124e231f361029321d84bd818ba17626e1018dafdf17
Instruction ID: 0db13c659fa09447a937ac0e0b8ba93513e3b7d41b1b47920c731999f3a5e9db
Opcode Fuzzy Hash: e3152e33ff6bb1a1ea4e124e231f361029321d84bd818ba17626e1018dafdf17
Instruction Fuzzy Hash: 47110275F00212CFCF10AB79990866F7BE9EB88360F208426D90AD7344E738C902CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 01691498 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 679211e8aef190dda556b04f70a4be5eac7fb955d0423ed99ec15ce6506aa57b
Instruction ID: 0808c2bee50f4737a887d033e86b0935c66e88d73c25f12b013f9026cede5d85
Opcode Fuzzy Hash: 679211e8aef190dda556b04f70a4be5eac7fb955d0423ed99ec15ce6506aa57b
Instruction Fuzzy Hash: 3A018431A012169FCF11EFBC885019D7BFDEB59261B240479E806E7341E735D9428B95

Uniqueness

Uniqueness Score: -1.00%

Function 01699890 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a36451fda2e8f60fcba1aa1d21a35b7d22637434c212d6a9e2ab902869ec4ef
Instruction ID: 0f0d55cd489219f9b530c52e36e25014a90737a76a3670cf5541340d3dbed65c
Opcode Fuzzy Hash: 4a36451fda2e8f60fcba1aa1d21a35b7d22637434c212d6a9e2ab902869ec4ef
Instruction Fuzzy Hash: DE11A530A002058FDF10DF69D98478ABFA5FF81310F54C169D90C5B3AAD770AD46C791

Uniqueness

Uniqueness Score: -1.00%

Function 01697090 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3a616d47b94ea7c71b1301f5f403f356e277e975d07c4ca6d6fd8dc6390483b
Instruction ID: 3ead249502263f8ce5d67a13237e71a8fb2e9a3def0e4243084e83ed0575d985
Opcode Fuzzy Hash: f3a616d47b94ea7c71b1301f5f403f356e277e975d07c4ca6d6fd8dc6390483b
Instruction Fuzzy Hash: 7EF0EC35B00104CFCB14DB68D598B6D77B2EF88715F1140A9E5069B3B4DB35AD42CF40

Uniqueness

Uniqueness Score: -1.00%

Function 01698100 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.2922423661.0000000001690000.00000040.00000800.00020000.00000000.sdmp, Offset: 01690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_1690000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c13c440c1d60ddd3a7ac8dd801b289a9721fa3f8697e34c778a98aa54621db6
Instruction ID: 5bfa6378eaee0b37425c820f01a23fc14cecd096e8fe33fde462546848ddde4c
Opcode Fuzzy Hash: 2c13c440c1d60ddd3a7ac8dd801b289a9721fa3f8697e34c778a98aa54621db6
Instruction Fuzzy Hash: 45F04430A4110AEFCF00EFB4FA515ADBBB6FB44700F509679C50597269EF35AE488B85

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Zapytanie ofertowe (7427-23 ROCKFIN).exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Zapytanie ofertowe (7427-23 ROCKFIN).exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
Zapytanie ofertowe (7427-23 ROCKFIN).exe

Function 08238268 Relevance: 5.6, Instructions: 5633
COMMON

Function 08218929 Relevance: 5.2, Instructions: 5173
COMMON

Function 08218938 Relevance: 5.2, Instructions: 5170
COMMON

Function 08217B38 Relevance: 5.7, Strings: 4, Instructions: 683
COMMON

Function 0191F340 Relevance: 5.2, Strings: 4, Instructions: 247
COMMON

Function 0191D0A8 Relevance: 5.2, Strings: 4, Instructions: 179
COMMON

Function 0191F910 Relevance: 4.1, Strings: 3, Instructions: 349
COMMON

Function 0191F5D1 Relevance: 4.0, Strings: 3, Instructions: 226
COMMON

Function 0191F7AE Relevance: 4.0, Strings: 3, Instructions: 225
COMMON

Function 0191F655 Relevance: 4.0, Strings: 3, Instructions: 223
COMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre