Edit tour

Windows Analysis Report
Order Enquiry MX-M754N_20240207_114441.exe

Overview

General Information

Sample name:	Order Enquiry MX-M754N_20240207_114441.exe
Analysis ID:	1430320
MD5:	6612264b0e2a149cece9e7e541af18e3
SHA1:	28d98b61743ba38eb54d8f6a1d4915098eb1775b
SHA256:	205cac67754c6dd6a1c8945b76c800a5019eef9c66d0dde1519ea6c4c1e70976
Tags:	exe
Infos:

Detection

AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Binary is likely a compiled AutoIt script file

Contains functionality to log keystrokes (.Net Source)

Initial sample is a PE file and has a suspicious name

Machine Learning detection for sample

Maps a DLL or memory area into another process

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

OS version to string mapping found (often used in BOTs)

Potential key logger detected (key state polling based)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Outbound SMTP Connections

Uses 32bit PE files

Uses SMTP (mail sending)

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

Order Enquiry MX-M754N_20240207_114441.exe (PID: 2640 cmdline: "C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe" MD5: 6612264B0E2A149CECE9E7E541AF18E3)

RegSvcs.exe (PID: 6972 cmdline: "C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://asec.ahnlab.com/ko/29133/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "bezelety.top", "Username": "procode@bezelety.top", "Password": "IxF(..bSed6k                    "}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000002.2897411725.00000000032A8000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x334bf:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33531:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x335bb:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x3364d:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x336b7:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x33729:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x337bf:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x3384f:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000001.00000002.2896310077.0000000000402000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.2896310077.0000000000402000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000001.00000002.2897411725.0000000003231000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.2897411725.0000000003231000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: Order Enquiry MX-M754N_20240207_114441.exe PID: 2640	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Order Enquiry MX-M754N_20240207_114441.exe PID: 2640	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: RegSvcs.exe PID: 6972	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: RegSvcs.exe PID: 6972	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x334bf:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33531:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x335bb:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x3364d:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x336b7:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x33729:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x337bf:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x3384f:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
1.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
1.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
1.2.RegSvcs.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x334bf:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x33531:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x335bb:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x3364d:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x336b7:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x33729:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x337bf:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x3384f:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x316bf:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x31731:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x317bb:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x3184d:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x318b7:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x31929:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x319bf:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x31a4f:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
Click to see the 4 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Outbound SMTP Connections

Source: Network Connection

Author: frack113: Data: DestinationIp: 194.36.191.196, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Initiated: true, ProcessId: 6972, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://bezelety.top

Avira URL Cloud: Label: phishing

Found malware configuration

Source: 1.2.RegSvcs.exe.400000.0.unpack

Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "bezelety.top", "Username": "procode@bezelety.top", "Password": "IxF(..bSed6k "}

Multi AV Scanner detection for submitted file

Source: Order Enquiry MX-M754N_20240207_114441.exe

ReversingLabs: Detection: 54%

Machine Learning detection for sample

Source: Order Enquiry MX-M754N_20240207_114441.exe

Joe Sandbox ML: detected

Source: Order Enquiry MX-M754N_20240207_114441.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source:	Binary string: wntdll.pdbUGP source: Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000003.1641077440.00000000042A0000.00000004.00001000.00020000.00000000.sdmp, Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000003.1642502029.0000000004140000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000003.1641077440.00000000042A0000.00000004.00001000.00020000.00000000.sdmp, Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000003.1642502029.0000000004140000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00164696 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00164696
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0016C93C FindFirstFileW,FindClose,	0_2_0016C93C
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0016C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	0_2_0016C9C7
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0016F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0016F200
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0016F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0016F35D
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0016F65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0016F65E
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00163A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00163A2B
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00163D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00163D4E
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0016BF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0016BF27

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 194.36.191.196:587

Source: Joe Sandbox View

IP Address: 194.36.191.196 194.36.191.196

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 194.36.191.196:587

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_001725E2 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,

0_2_001725E2

Source: unknown

DNS traffic detected: queries for: bezelety.top

Source: RegSvcs.exe, 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://bezelety.top
Source: RegSvcs.exe, 00000001.00000002.2900878246.00000000064F8000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896840049.0000000001642000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0
Source: RegSvcs.exe, 00000001.00000002.2900878246.00000000064F8000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896840049.0000000001642000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: RegSvcs.exe, 00000001.00000002.2900878246.00000000064F8000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896840049.0000000001642000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896640187.00000000015ED000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: RegSvcs.exe, 00000001.00000002.2900878246.00000000064F8000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896840049.0000000001642000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896640187.00000000015ED000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896310077.0000000000402000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: https://account.dyn.com/

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, umlRMRbjNqD.cs

.Net Code: _99C

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_0017425A OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_0017425A

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00174458 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00174458

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

0_2_0017425A

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00160219 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,

0_2_00160219

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_0018CDAC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

0_2_0018CDAC

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen

Binary is likely a compiled AutoIt script file

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: This is a third-party compiled AutoIt script.	0_2_00103B4C
Source: Order Enquiry MX-M754N_20240207_114441.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000000.1631857990.00000000001B5000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_ad0528d4-9
Source: Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000000.1631857990.00000000001B5000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_3cb4bd8c-d
Source: Order Enquiry MX-M754N_20240207_114441.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_acc4fa33-6
Source: Order Enquiry MX-M754N_20240207_114441.exe	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer	memstr_d5957f57-a

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: Order Enquiry MX-M754N_20240207_114441.exe

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00164021: CreateFileW,DeviceIoControl,CloseHandle,

0_2_00164021

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00158858 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00158858

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_0016545F ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,

0_2_0016545F

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0010E800	0_2_0010E800
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0012DBB5	0_2_0012DBB5
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0018804A	0_2_0018804A
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0010E060	0_2_0010E060
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00114140	0_2_00114140
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00122405	0_2_00122405
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00136522	0_2_00136522
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0013267E	0_2_0013267E
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00180665	0_2_00180665
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0012283A	0_2_0012283A
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00116843	0_2_00116843
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_001389DF	0_2_001389DF
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00118A0E	0_2_00118A0E
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00136A94	0_2_00136A94
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00180AE2	0_2_00180AE2
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00168B13	0_2_00168B13
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0015EB07	0_2_0015EB07
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0012CD61	0_2_0012CD61
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00137006	0_2_00137006
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0011710E	0_2_0011710E
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00113190	0_2_00113190
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00101287	0_2_00101287
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_001233C7	0_2_001233C7
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0012F419	0_2_0012F419
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00115680	0_2_00115680
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_001216C4	0_2_001216C4
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_001278D3	0_2_001278D3
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_001158C0	0_2_001158C0
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00121BB8	0_2_00121BB8
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00139D05	0_2_00139D05
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0010FE40	0_2_0010FE40
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00121FD0	0_2_00121FD0
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0012BFE6	0_2_0012BFE6
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_01833690	0_2_01833690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_016F9B38	1_2_016F9B38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_016F4A98	1_2_016F4A98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_016FCEC0	1_2_016FCEC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_016F3E80	1_2_016F3E80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_016F41C8	1_2_016F41C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 1_2_016FD268	1_2_016FD268

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: String function: 00120D27 appears 70 times
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: String function: 00128B40 appears 42 times
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: String function: 00107F41 appears 35 times

Source: Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameb8a301b8-17ed-4a95-9a06-b5d07d034022.exe4 vs Order Enquiry MX-M754N_20240207_114441.exe
Source: Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000003.1640452876.0000000004223000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Order Enquiry MX-M754N_20240207_114441.exe
Source: Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000003.1643360094.000000000440D000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs Order Enquiry MX-M754N_20240207_114441.exe

Source: Order Enquiry MX-M754N_20240207_114441.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers

Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, v9Lsz.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, VFo.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, 5FJ0H20tobu.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, NtdoTGO.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, XBsYgp.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, AwxUa2Na.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, 19C9FfZ.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, 19C9FfZ.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, soCD8XkwU.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, soCD8XkwU.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/4@1/1

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_0016A2D5 GetLastError,FormatMessageW,

0_2_0016A2D5

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00158713 AdjustTokenPrivileges,CloseHandle,		0_2_00158713
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00158CC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		0_2_00158CC3

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_0016B59E SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_0016B59E

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_0017F121 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_0017F121

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_0016C602 CoInitialize,CoCreateInstance,CoUninitialize,

0_2_0016C602

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00104FE9 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_00104FE9

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Mutant created: NULL

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

File created: C:\Users\user\AppData\Local\Temp\autF562.tmp

Jump to behavior

Source: Order Enquiry MX-M754N_20240207_114441.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Order Enquiry MX-M754N_20240207_114441.exe

ReversingLabs: Detection: 54%

Source: unknown	Process created: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe "C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe"
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe"
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Section loaded: wldp.dll	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles

Jump to behavior

Source: Order Enquiry MX-M754N_20240207_114441.exe

Static file information: File size 1108480 > 1048576

Source: Order Enquiry MX-M754N_20240207_114441.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Order Enquiry MX-M754N_20240207_114441.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Order Enquiry MX-M754N_20240207_114441.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Order Enquiry MX-M754N_20240207_114441.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Order Enquiry MX-M754N_20240207_114441.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Order Enquiry MX-M754N_20240207_114441.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Order Enquiry MX-M754N_20240207_114441.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: wntdll.pdbUGP source: Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000003.1641077440.00000000042A0000.00000004.00001000.00020000.00000000.sdmp, Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000003.1642502029.0000000004140000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000003.1641077440.00000000042A0000.00000004.00001000.00020000.00000000.sdmp, Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000003.1642502029.0000000004140000.00000004.00001000.00020000.00000000.sdmp

Source: Order Enquiry MX-M754N_20240207_114441.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Order Enquiry MX-M754N_20240207_114441.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Order Enquiry MX-M754N_20240207_114441.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Order Enquiry MX-M754N_20240207_114441.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Order Enquiry MX-M754N_20240207_114441.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_0017C304 LoadLibraryA,GetProcAddress,

0_2_0017C304

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0010C590 push eax; retn 0010h	0_2_0010C599
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00168719 push FFFFFF8Bh; iretd	0_2_0016871B
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0012E94F push edi; ret	0_2_0012E951
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0012EA68 push esi; ret	0_2_0012EA6A
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00128B85 push ecx; ret	0_2_00128B98
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0012EC43 push esi; ret	0_2_0012EC45
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0012ED2C push edi; ret	0_2_0012ED2E

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00104A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		0_2_00104A35
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_001855FD IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		0_2_001855FD

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_001233C7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_001233C7

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Window / User API: threadDelayed 549			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Window / User API: threadDelayed 5822			Jump to behavior

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_0-98421

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

API coverage: 4.7 %

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00164696 GetFileAttributesW,FindFirstFileW,FindClose,	0_2_00164696
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0016C93C FindFirstFileW,FindClose,	0_2_0016C93C
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0016C9C7 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	0_2_0016C9C7
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0016F200 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0016F200
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0016F35D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0016F35D
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0016F65E FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0016F65E
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00163A2B FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00163A2B
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00163D4E FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00163D4E
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0016BF27 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0016BF27

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00104AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00104AFE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 99765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 99656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 99547	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 99422	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 99312	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 99203	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 99091	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 98984	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 98875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 98745	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 98640	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 98531	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 98407	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 98281	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 98172	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 98062	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 97953	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 97844	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 97731	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 97625	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 97515	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 97406	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 97297	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 97187	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 97078	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 96968	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 96859	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 96749	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 96640	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: RegSvcs.exe, 00000001.00000002.2900878246.00000000064E0000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	API call chain: ExitProcess graph end node			graph_0-98235
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	API call chain: ExitProcess graph end node			graph_0-97806

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_001741FD BlockInput,

0_2_001741FD

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00103B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00103B4C

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00135CCC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_00135CCC

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_0017C304 LoadLibraryA,GetProcAddress,

0_2_0017C304

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_01833580 mov eax, dword ptr fs:[00000030h]	0_2_01833580
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_01833520 mov eax, dword ptr fs:[00000030h]	0_2_01833520
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_01831ED0 mov eax, dword ptr fs:[00000030h]	0_2_01831ED0

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_001581F7 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,

0_2_001581F7

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0012A364 SetUnhandledExceptionFilter,		0_2_0012A364
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_0012A395 SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_0012A395

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 1142008

Jump to behavior

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00158C93 LogonUserW,

0_2_00158C93

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00103B4C GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_00103B4C

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00104A35 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,

0_2_00104A35

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00164EC9 mouse_event,

0_2_00164EC9

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe"

Jump to behavior

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

0_2_001581F7

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00164C03 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_00164C03

Source: Order Enquiry MX-M754N_20240207_114441.exe	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: Order Enquiry MX-M754N_20240207_114441.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_0012886B cpuid

0_2_0012886B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_001350D7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_001350D7

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00142230 GetUserNameW,

0_2_00142230

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_0013418A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_0013418A

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe

Code function: 0_2_00104AFE GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_00104AFE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.2897411725.00000000032A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2896310077.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2897411725.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Order Enquiry MX-M754N_20240207_114441.exe PID: 2640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 6972, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File opened: C:\FTP Navigator\Ftplist.txt

Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Source: Order Enquiry MX-M754N_20240207_114441.exe	Binary or memory string: WIN_81
Source: Order Enquiry MX-M754N_20240207_114441.exe	Binary or memory string: WIN_XP
Source: Order Enquiry MX-M754N_20240207_114441.exe	Binary or memory string: WIN_XPe
Source: Order Enquiry MX-M754N_20240207_114441.exe	Binary or memory string: WIN_VISTA
Source: Order Enquiry MX-M754N_20240207_114441.exe	Binary or memory string: WIN_7
Source: Order Enquiry MX-M754N_20240207_114441.exe	Binary or memory string: WIN_8
Source: Order Enquiry MX-M754N_20240207_114441.exe	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 5USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

Source: Yara match	File source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2896310077.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2897411725.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Order Enquiry MX-M754N_20240207_114441.exe PID: 2640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 6972, type: MEMORYSTR

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Order Enquiry MX-M754N_20240207_114441.exe.40c0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.2897411725.00000000032A8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2896310077.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2897411725.0000000003231000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Order Enquiry MX-M754N_20240207_114441.exe PID: 2640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 6972, type: MEMORYSTR

Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00176596 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,		0_2_00176596
Source: C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe	Code function: 0_2_00176A5A socket,WSAGetLastError,bind,WSAGetLastError,closesocket,		0_2_00176A5A

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	121 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	2 Native API	2 Valid Accounts	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	121 Input Capture	1 Account Discovery	Remote Desktop Protocol	2 Data from Local System	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Valid Accounts	2 Obfuscated Files or Information	1 Credentials in Registry	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	38 System Information Discovery	Distributed Component Object Model	121 Input Capture	1 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	212 Process Injection	2 Valid Accounts	LSA Secrets	141 Security Software Discovery	SSH	3 Clipboard Data	11 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	121 Virtualization/Sandbox Evasion	Cached Domain Credentials	121 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Access Token Manipulation	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	212 Process Injection	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Order Enquiry MX-M754N_20240207_114441.exe	54%	ReversingLabs	Win32.Trojan.Strab
Order Enquiry MX-M754N_20240207_114441.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
http://r3.o.lencr.org0	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
http://r3.i.lencr.org/0	0%	URL Reputation	safe
http://bezelety.top	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bezelety.top	194.36.191.196	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://r3.o.lencr.org0	RegSvcs.exe, 00000001.00000002.2900878246.00000000064F8000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896840049.0000000001642000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://account.dyn.com/	Order Enquiry MX-M754N_20240207_114441.exe, 00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896310077.0000000000402000.00000040.80000000.00040000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	RegSvcs.exe, 00000001.00000002.2900878246.00000000064F8000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896840049.0000000001642000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896640187.00000000015ED000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	RegSvcs.exe, 00000001.00000002.2900878246.00000000064F8000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896840049.0000000001642000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896640187.00000000015ED000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://bezelety.top	RegSvcs.exe, 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://r3.i.lencr.org/0	RegSvcs.exe, 00000001.00000002.2900878246.00000000064F8000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2896840049.0000000001642000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
194.36.191.196	bezelety.top	Netherlands		60117	HSAE	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430320
Start date and time:	2024-04-23 14:18:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Order Enquiry MX-M754N_20240207_114441.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/4@1/1
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 100% Number of executed functions: 60 Number of non-executed functions: 263
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target RegSvcs.exe, PID 6972 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: Order Enquiry MX-M754N_20240207_114441.exe

Simulations

Behavior and APIs

Time	Type	Description
14:18:56	API Interceptor	31x Sleep call for process: RegSvcs.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
194.36.191.196	http://store.avast.com/store?SiteID=avast&Action=DisplayRedirectCustomPage&Locale=en_US&v=1&t=event&tid=UA-58120669-65&cid=725399894.1568213989&ec=Emailing_Digital%20River&aip=1&cm10=1&ds=Avast&ul=en_US&cs=Digital%20River&cm=email&cd2=Paid&cd3=725399894.1568213989&cd4=Business&cd5=BMG-00-001-36-AR&cd7=13306019910&cd6=22895593139&cd8=0&cd9=4871168000&cd10=USD&cd11=44&cd12=1659005853297&ea=Click&el=http://0gjysc.wildlifewalkabout.com/am9lbC5uYXNzaWZAYXJuLmFl	Get hash	malicious	Unknown	Browse	0gjysc.wildlifewalkabout.com/am9lbC5uYXNzaWZAYXJuLmFl
	#U6025-146102220896 BSIU2505935-Remitance Advise.xlsx	Get hash	malicious	FormBook	Browse	www.firstflightmdelivery.services/inug/?LJBd06wP=my5vzthd/gf6h+YfXGHF51EmCUBukXLQvdzfbkPp7mscRjHMsb7qcEfg2/kZIm7kG7WZ0g==&-ZcxnF=8p74g4BxA
	jun.exe	Get hash	malicious	AZORult	Browse	squerad.com/cgi-sys/suspendedpage.cgi
	Player offer.exe	Get hash	malicious	AZORult	Browse	squerad.com/frank/index.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bezelety.top	z1RFQ20838_CMC_RITM50736681.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	PI-23-24-041 AEH-CIPL 6-202424-014 .exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	vIgBIsAluf.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	PO MIU100011010 SKM0020240311.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	BOQ- AE20003 SWMT00946 20240403 Ref 00985398 for project.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	z53BOQ-AE20003SWT00964DT20240227_PDF.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
HSAE	PDT_7367027738832_789257820__________________________.exe	Get hash	malicious	AgentTesla	Browse	185.244.151.84
	SecuriteInfo.com.W32.AutoIt.YE.gen.Eldorado.1274.17126.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	Arba Outstanding Statement.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	185.244.151.84
	WZM.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	185.244.151.84
	z1RFQ20838_CMC_RITM50736681.exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	https://doggygangers.com/YfMv2QsjpCQl845BWSYNfNOQitweyze_Z6lIlrRr43MRjX_HrM/downloadsdownloadfile/dwnl_standart.php	Get hash	malicious	LummaC, PureLog Stealer, RedLine, SectopRAT, zgRAT	Browse	194.36.191.196
	BOQ- AE20003 0084 20240408 .exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196
	a9wJzPSyH4.exe	Get hash	malicious	AgentTesla	Browse	185.198.59.26
	4938730).vbs	Get hash	malicious	AgentTesla, PureLog Stealer, zgRAT	Browse	194.36.191.196
	PI-23-24-041 AEH-CIPL 6-202424-014 .exe	Get hash	malicious	AgentTesla	Browse	194.36.191.196

Process:	C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe
File Type:	data
Category:	dropped
Size (bytes):	151602
Entropy (8bit):	7.9183384124376905
Encrypted:	false
SSDEEP:	3072:hjk6n57+0k1DddzaQ4drrDyd9CaUc2za53G8kJtFoJXBhESIEe:hRn5K7DDzabIycBpXkJroJXbEX
MD5:	60383EC64FB392B4B8AEAA245EE209B1
SHA1:	C7C20D432B8F7A29EE26A4B0E66139E4F79DA354
SHA-256:	7C7A7D0DFE755F3B9F693A49B5F6A95F6904F633E7A4B9B40DA4B911B74ABDD4
SHA-512:	1DDB33E099178C438BA94D1FD6D8560FEB37470F396A56D13605A2368B72A370E46E9DBFB572BA0AF932ABB5EE8F0645898B4675DF52CD8560994E79E512C48D
Malicious:	false
Reputation:	low
Preview:	EA06.....C..Z}..O.Nj..N..O....E..U..i.....X.T...x..j....<.X.U?.........7\..:..-..-~_9.N..il.q .Ff....g!...1.d.-u.V.....{3..,f.u.R.5J......5..Uf4:U:.W.M.p.lR>..u^ ..ej...Z.0.....5>..5.....U54...z._aL....H..V........cw..S.....B..._7V.K...~@..E..N...vp.`G..;y..fr .....U\|...E..,\|6.u^.f...@.b!J..1...$...R.....J....&U.<..U...:...N.B<......9.C.,>=7.f..C.....K...\..O..j.............c`.X...3.R.wM...M.`.~.sz..z\.....)x......}...!D.{..J.'O..N..j.&...c..[...>.T`...vO..p;.....!..4......e..L..j.F}.......n.T.%.....=.d.u.....n?.K.U.};YS..v..^g...h.8.V;:..T..g....o..................`.....H.7....(..& ..8.c6.....XJ.....a;.,9.j..}..Id....E}..,...w...p..<.f.7..b.XFwa...o...N9..O.R......v[..'}@...X..}W.T..JE..[....f.)N..S).J.Z.. ....#...26._.'.b{.Y..\.......9}j.<...T....8....y.....'09..a.[.S...]6.N.r.\z7d...I...;..=Z.3.P.s.E:.A.S.N.>%K..u2....M....dr.O._.4.].Q...)......U...M>.S.X+.Z.voN..,3..B.h.<&R...a....e..e.N..mJ.K../.ZE..u..i..Mg.8.l...e.5N.....^.Z.....

C:\Users\user\AppData\Local\Temp\autF5B1.tmp

Download File

Process:	C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe
File Type:	data
Category:	dropped
Size (bytes):	9928
Entropy (8bit):	7.599005407771583
Encrypted:	false
SSDEEP:	192:m+cKumbG02JtWDW/UQ46Yoa4qyedmFBhIfKr0q/5kaj2Z1EYHzs2Bia:97umbGRJtWDWSDnnyedm9LrPOasuH28a
MD5:	FCEC15F4AF80FCF109CCCC657722F977
SHA1:	79E594A8596371BD5698CC2697D614371E1451DA
SHA-256:	9E970CDC8AB25EFB4F84435A5E858A14552B841B6DE467B41F4D9CF980896930
SHA-512:	EB59F7BD25ACF417BFA33D3B4686E3241101A3D9FF6F32B21C8DBF044B82EAA9DB4E0257358A95550BD62D73226A256BA9C99E6B17F271ACDC9EC580F1E8BDB2
Malicious:	false
Reputation:	low
Preview:	EA06..t0.M'.)..e4.N'.).......T9..l.0L.s.5..3..s.4.8.......k8.Yls....c..&S...k6...S....1.L&.i..i5.M,S....K.@...7...p. ....P.o...m.X.V........9....3...f....s2.Xf@.]..g3@..h.m.M.......8.l..6.....a........i4........g3Y...c ._..k4...d....H, ......Ac.H..g...(.F..=d....>....C`....@02..N@...u......Y..ab.M.]>.$....M.x>;$....N.j.;%....X.j.;%......j.;,....P'.b.5... .^..f./Z..@F.6.z..G......`......i..G../Z...zqd...l.;.........\|......7...}3{(........;^..l =..p.........3p.o....,.......x.....H<.lX.:...b.....,. ...2...f.[...K.)....b..i\|v F......X......`....,.9....5...._..l......>K.....ir.e....[4..d..f.y.....,.....S >..p...........s9.... !..Y....f...ja4....ea.h,.p.....,.a8.,..3........f.....f ....,j.0..&...J......f ....6K%.ke..f....L..;2.X...4.Y.V@.Fn.....f@....l..05.....!;3.X...c )D.g6... ...'&`....,f.6..&....r...Brh.....l...i2...B....@.......d.L.`!.....P...@X5d..lSK...9...!;5.X...cVY......'.B...,vl.!..>.a..l...M..@...X...b.M&.X..B.a.Q...sp..X..9..o5..f.!...,vn......d...

C:\Users\user\AppData\Local\Temp\differences

Download File

Process:	C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe
File Type:	data
Category:	dropped
Size (bytes):	240128
Entropy (8bit):	6.622183409567717
Encrypted:	false
SSDEEP:	6144:C8xiHE8LFIxOZH/nzE0/olaIarDHho0aGzyrjdPEfuUsTqlnb/h92S7FBbn:pxILyurE0QlaXrDBo0/cZPEfuUsTYn7L
MD5:	1082E45534399B3A6C651E678775AAA1
SHA1:	D95E2454A0C17B8AB2E449E8BA36E8B884A3744E
SHA-256:	43D6F3C6D1761E5B03DCA88E1C6EA1327AF737B5FA3DBB8475FED8C6F837B7FC
SHA-512:	E2441D3DA8D09BEB49522BDA9586CF10227B6FD1B89A04E6D59F2FB97404CBE98FC71D300D72B80AEC5C2F1F6CF479028660A3F8C64A821AEC473C25CEAA3E33
Malicious:	false
Reputation:	low
Preview:	...5OKVO49VL..FO.NW0HKEU.5LKVO09VLVRFOONW0HKEUW5LKVO09VLVRFO.NW0FT.[W.E.w.1u.m.:/<o>%_/9$8wV-%8 D.4)v 3!o'9....u:Z(.xB=3rLVRFOON.uHK.TT5..09VLVRFO.NU1CJNUW.OKVG09VLVRH.LNW.HKE.T5LK.O0.VLVPFOKNW0HKEUS5LKVO09VLRRFMONW0HKGU..LKFO0)VLVRVOO^W0HKEUG5LKVO09VLVR..LN.0HKE.T5.NVO09VLVRFOONW0HKEUW.OKZO09VLVRFOONW0HKEUW5LKVO09VLVRFOONW0HKEUW5LKVO09VLVRFoON_0HKEUW5LKVO8.VL.RFOONW0HKEUyA)3"O09B.URFoONW.KKEWW5LKVO09VLVRFOoNWPf96'45LK.J09V.URFIONW.KKEUW5LKVO09VL.RF.a<2\'(EU[5LKV.39VNVRF.LNW0HKEUW5LKVOp9V.VRFOONW0HKEUW5LK..39VLVR.OONU0MK..U5.{WO39VLWRFIONW0HKEUW5LKVO09VLVRFOONW0HKEUW5LKVO09VLVRFOONW0U....u.2.34K.t.(.M..[..,.zC.C.K-...K.....o>C..5.Df.._...:.FRII....t+]>>Q.;y]'.R..l.vd!.~.M8.J...(`.!Ij.....st...@Dg...&..,!:.);592..0.BP.N.SFOON.......%3...:YRb@>....\|Y=.....(O092LVR4OON60HK.UW5#KVO^9VL(RFO1NW0.KEU.5LKaO09sLVR+OONs0HK;UW5.6Y@...%%..OONW0}..e.X........d7.1.5....1.~..S..6>.!.....Y.. ..@g'Mu.h>WJRWDHKM[.F.....NORJ2>ROZoH......m.n...'...6..FOONW0.KE.W5L..O.9VL.R.O..W0H.U.5.K..9

C:\Users\user\AppData\Local\Temp\myriopodous

Download File

Process:	C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe
File Type:	ASCII text, with very long lines (29744), with no line terminators
Category:	dropped
Size (bytes):	29744
Entropy (8bit):	3.5491098996906234
Encrypted:	false
SSDEEP:	768:wiTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNb2E+Ip6Cr4vfF3if6gyS:wiTZ+2QoioGRk6ZklputwjpjBkCiw2RR
MD5:	EFF6EACD8F554018A1A067DE0068AB12
SHA1:	9B7DD85436FD3CEFA29B2A44694D75C2999C2C6B
SHA-256:	0AB6C9EE3441C85059BE79FACD9606E95D4E6F01B2DD7F9E5790491A35B98356
SHA-512:	078D93EE5111388944EC692E5B81DBA9EA2E0F5745604FC36B567838E8A195E0B29F4E9775F1D0BC11997DD6E8B9BDCFEC4B455478A17EF9A9729F107C3F42BC
Malicious:	false
Reputation:	low
Preview:	048B4C24088B008B093BC8760483C8FFC31BC0F7D8C38B0x558bec81eccc0200005657b86b00000066894584b96500000066894d86ba7200000066895588b86e0000006689458ab96500000066894d8cba6c0000006689558eb83300000066894590b93200000066894d92ba2e00000066895594b86400000066894596b96c00000066894d98ba6c0000006689559a33c06689459cb96e00000066898d44ffffffba7400000066899546ffffffb86400000066898548ffffffb96c00000066898d4affffffba6c0000006689954cffffffb82e0000006689854effffffb96400000066898d50ffffffba6c00000066899552ffffffb86c00000066898554ffffff33c966898d56ffffffba75000000668955d0b873000000668945d2b96500000066894dd4ba72000000668955d6b833000000668945d8b93200000066894ddaba2e000000668955dcb864000000668945deb96c00000066894de0ba6c000000668955e233c0668945e4b96100000066898d68ffffffba640000006689956affffffb8760000006689856cffffffb96100000066898d6effffffba7000000066899570ffffffb86900000066898572ffffffb93300000066898d74ffffffba3200000066899576ffffffb82e00000066898578ffffffb96400000066898d7affffffba6c0000006689957cffffffb86c00000066

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.950875973948746
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Order Enquiry MX-M754N_20240207_114441.exe
File size:	1'108'480 bytes
MD5:	6612264b0e2a149cece9e7e541af18e3
SHA1:	28d98b61743ba38eb54d8f6a1d4915098eb1775b
SHA256:	205cac67754c6dd6a1c8945b76c800a5019eef9c66d0dde1519ea6c4c1e70976
SHA512:	e1deab1bbbc9e008799d1d04ebb8d052926168df42a6913e5da31ca724fde0c0e2bcc19328750907da917626ee3523f2a6f6ec7323b1232d33472ac3648659ee
SSDEEP:	24576:eAHnh+eWsN3skA4RV1Hom2KXMmHa+iJAv4V+sfz5:Jh+ZkldoPK8Ya+iw4zt
TLSH:	4F359C3263918336FFAB9D73DB5DB20D56BC6D250123852FD29C2F79A9F01B1122D262
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR..

File Icon


Icon Hash:	1a5ada12a98c3689

Static PE Info

General

Entrypoint:	0x42800a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6626922E [Mon Apr 22 16:37:02 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	afcdf79be1557326c854b6e20cb900a7

Entrypoint Preview

Instruction
call 00007F5664CCFB1Dh
jmp 00007F5664CC28D4h
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push edi
push esi
mov esi, dword ptr [esp+10h]
mov ecx, dword ptr [esp+14h]
mov edi, dword ptr [esp+0Ch]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007F5664CC2A5Ah
cmp edi, eax
jc 00007F5664CC2DBEh
bt dword ptr [004C41FCh], 01h
jnc 00007F5664CC2A59h
rep movsb
jmp 00007F5664CC2D6Ch
cmp ecx, 00000080h
jc 00007F5664CC2C24h
mov eax, edi
xor eax, esi
test eax, 0000000Fh
jne 00007F5664CC2A60h
bt dword ptr [004BF324h], 01h
jc 00007F5664CC2F30h
bt dword ptr [004C41FCh], 00000000h
jnc 00007F5664CC2BFDh
test edi, 00000003h
jne 00007F5664CC2C0Eh
test esi, 00000003h
jne 00007F5664CC2BEDh
bt edi, 02h
jnc 00007F5664CC2A5Fh
mov eax, dword ptr [esi]
sub ecx, 04h
lea esi, dword ptr [esi+04h]
mov dword ptr [edi], eax
lea edi, dword ptr [edi+04h]
bt edi, 03h
jnc 00007F5664CC2A63h
movq xmm1, qword ptr [esi]
sub ecx, 08h
lea esi, dword ptr [esi+08h]
movq qword ptr [edi], xmm1
lea edi, dword ptr [edi+08h]
test esi, 00000007h
je 00007F5664CC2AB5h
bt esi, 03h

Rich Headers

Programming Language:

[ASM] VS2013 build 21005
[ C ] VS2013 build 21005
[C++] VS2013 build 21005
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ASM] VS2013 UPD5 build 40629
[RES] VS2013 build 21005
[LNK] VS2013 UPD5 build 40629

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xbc0cc	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc8000	0x44204	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x10d000	0x7134	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x92bc0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xa4b50	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8f000	0x884	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8dfdd	0x8e000	310e36668512d53489c005622bb1b4a9	False	0.5735602580325704	data	6.675248351711057	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8f000	0x2fd8e	0x2fe00	748cf1ab2605ce1fd72d53d912abb68f	False	0.32828818537859006	data	5.763244005758284	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xbf000	0x8f74	0x5200	aae9601d920f07080bdfadf43dfeff12	False	0.1017530487804878	data	1.1963819235530628	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xc8000	0x44204	0x44400	aff2b9eb76604ae0111f93af826bfce2	False	0.7394617101648352	data	7.27595530787077	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x10d000	0x7134	0x7200	f04128ad0f87f42830e4a6cdbc38c719	False	0.7617530153508771	data	6.783955557128661	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xc8458	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xc8580	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xc86a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xc87d0	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	Great Britain	0.046891636105524666
RT_MENU	0xd8ff8	0x50	data	English	Great Britain	0.9
RT_STRING	0xd9048	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xd95dc	0x68a	data	English	Great Britain	0.2747909199522103
RT_STRING	0xd9c68	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xda0f8	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xda6f4	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xdad50	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xdb1b8	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xdb310	0x309a6	data			1.0003566441294367
RT_GROUP_ICON	0x10bcb8	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0x10bccc	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0x10bce0	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0x10bcf4	0x14	data	English	Great Britain	1.25
RT_VERSION	0x10bd08	0x10c	data	English	Great Britain	0.6007462686567164
RT_MANIFEST	0x10be14	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
VERSION.dll	GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll	InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll	DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
USER32.dll	AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
GDI32.dll	StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
COMDLG32.dll	GetOpenFileNameW, GetSaveFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
SHELL32.dll	DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
OLEAUT32.dll	LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 14:18:58.405220985 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:18:58.614880085 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:18:58.614974022 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:18:58.873600960 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:18:58.874700069 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:18:59.086414099 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:18:59.086611032 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:18:59.297276974 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:18:59.307209969 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:18:59.543116093 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:18:59.543284893 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:18:59.543342113 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:18:59.543342113 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:18:59.571242094 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:18:59.780972958 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:18:59.797579050 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:19:00.007157087 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:00.008235931 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:19:00.219391108 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:00.219677925 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:19:00.442922115 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:00.443610907 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:19:00.657298088 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:00.657983065 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:19:00.906641006 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:00.909760952 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:00.909977913 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:19:01.120138884 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:01.120178938 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:01.120750904 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:19:01.120811939 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:19:01.120832920 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:19:01.120851040 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:19:01.330291033 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:01.330337048 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:01.330429077 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:01.330461025 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:01.369323969 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:19:01.423392057 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:20:37.986380100 CEST	49730	587	192.168.2.4	194.36.191.196
Apr 23, 2024 14:20:38.198349953 CEST	587	49730	194.36.191.196	192.168.2.4
Apr 23, 2024 14:20:38.203135967 CEST	49730	587	192.168.2.4	194.36.191.196

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 23, 2024 14:18:57.965229988 CEST	51942	53	192.168.2.4	1.1.1.1
Apr 23, 2024 14:18:58.397806883 CEST	53	51942	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 23, 2024 14:18:57.965229988 CEST	192.168.2.4	1.1.1.1	0xe67b	Standard query (0)	bezelety.top	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 23, 2024 14:18:58.397806883 CEST	1.1.1.1	192.168.2.4	0xe67b	No error (0)	bezelety.top		194.36.191.196	A (IP address)	IN (0x0001)	false

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Apr 23, 2024 14:18:58.873600960 CEST	587	49730	194.36.191.196	192.168.2.4	220-hosting1.nl.hostsailor.com ESMTP Exim 4.96.2 #2 Tue, 23 Apr 2024 14:18:58 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 23, 2024 14:18:58.874700069 CEST	49730	587	192.168.2.4	194.36.191.196	EHLO 226533
Apr 23, 2024 14:18:59.086414099 CEST	587	49730	194.36.191.196	192.168.2.4	250-hosting1.nl.hostsailor.com Hello 226533 [89.187.171.132] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Apr 23, 2024 14:18:59.086611032 CEST	49730	587	192.168.2.4	194.36.191.196	STARTTLS
Apr 23, 2024 14:18:59.297276974 CEST	587	49730	194.36.191.196	192.168.2.4	220 TLS go ahead

Target ID:	0
Start time:	14:18:54
Start date:	23/04/2024
Path:	C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe"
Imagebase:	0x100000
File size:	1'108'480 bytes
MD5 hash:	6612264B0E2A149CECE9E7E541AF18E3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Source: 00000000.00000002.1647483199.00000000040C0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	14:18:55
Start date:	23/04/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Order Enquiry MX-M754N_20240207_114441.exe"
Imagebase:	0xe60000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.2897411725.00000000032A8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.2897411725.000000000327E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2896310077.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.2896310077.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2897411725.0000000003231000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.2897411725.0000000003231000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	4.1%
Dynamic/Decrypted Code Coverage:	1.5%
Signature Coverage:	5.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	178

Executed Functions

Function 00103B4C Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 153
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00103B7A
IsDebuggerPresent.KERNEL32 ref: 00103B8C
GetFullPathNameW.KERNEL32(00007FFF,?,?,001C62F8,001C62E0,?,?), ref: 00103BFD

Part of subcall function 00107D2C: _memmove.LIBCMT ref: 00107D66

Part of subcall function 00110A8D: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00103C26,001C62F8,?,?,?), ref: 00110ACE

SetCurrentDirectoryW.KERNEL32(?), ref: 00103C81
MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,001B93F0,00000010), ref: 0013D4BC
SetCurrentDirectoryW.KERNEL32(?,001C62F8,?,?,?), ref: 0013D4F4
GetForegroundWindow.USER32(runas,?,?,?,00000001,?,001B5D40,001C62F8,?,?,?), ref: 0013D57A
ShellExecuteW.SHELL32(00000000,?,?), ref: 0013D581

Part of subcall function 00103A58: GetSysColorBrush.USER32(0000000F), ref: 00103A62
Part of subcall function 00103A58: LoadCursorW.USER32(00000000,00007F00), ref: 00103A71
Part of subcall function 00103A58: LoadIconW.USER32(00000063), ref: 00103A88
Part of subcall function 00103A58: LoadIconW.USER32(000000A4), ref: 00103A9A
Part of subcall function 00103A58: LoadIconW.USER32(000000A2), ref: 00103AAC
Part of subcall function 00103A58: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00103AD2
Part of subcall function 00103A58: RegisterClassExW.USER32(?), ref: 00103B28

Part of subcall function 001039E7: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00103A15
Part of subcall function 001039E7: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00103A36
Part of subcall function 001039E7: ShowWindow.USER32(00000000,?,?), ref: 00103A4A
Part of subcall function 001039E7: ShowWindow.USER32(00000000,?,?), ref: 00103A53

Part of subcall function 001043DB: _memset.LIBCMT ref: 00104401
Part of subcall function 001043DB: Shell_NotifyIconW.SHELL32(00000000,?), ref: 001044A6

Strings

runas, xrefs: 0013D575
This is a third-party compiled AutoIt script., xrefs: 0013D4B4

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
String ID: This is a third-party compiled AutoIt script.$runas
API String ID: 529118366-3287110873
Opcode ID: bedca38d0aa113b2b4395f2ea3305eac205ac10a777032069bf950f8ee74489f
Instruction ID: 1a1ba1fe6ab3f494fe1b394dee5afc6e67760002ef6a2c5cd123d13ea28568cf
Opcode Fuzzy Hash: bedca38d0aa113b2b4395f2ea3305eac205ac10a777032069bf950f8ee74489f
Instruction Fuzzy Hash: B651E670D08248AADF11ABB4ED05EED7B79FF24340F00416AF4A1A61E1DBB49786CB21

Uniqueness

Uniqueness Score: -1.00%

Function 00104AFE Relevance: 10.7, APIs: 7, Instructions: 223
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00104B2B

Part of subcall function 00107D2C: _memmove.LIBCMT ref: 00107D66

GetCurrentProcess.KERNEL32(?,0018FAEC,00000000,00000000,?), ref: 00104BF8
IsWow64Process.KERNEL32(00000000), ref: 00104BFF
GetNativeSystemInfo.KERNELBASE(00000000), ref: 00104C45
FreeLibrary.KERNEL32(00000000), ref: 00104C50
GetSystemInfo.KERNEL32(00000000), ref: 00104C81
GetSystemInfo.KERNEL32(00000000), ref: 00104C8D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64_memmove
String ID:
API String ID: 1986165174-0
Opcode ID: a01da8e6925da9459059a08f42e08920b651d0583caabcdabb596c246ac4dea9
Instruction ID: fc5222d3d8bfea84cd4d3003ac4b42c8b7398cacb38c7032e1e97d4a1c5302bd
Opcode Fuzzy Hash: a01da8e6925da9459059a08f42e08920b651d0583caabcdabb596c246ac4dea9
Instruction Fuzzy Hash: 3B91D37154A7C0DFC735CB68A5911AAFFE4AF2A300F48495ED1CA93A81D371E948C729

Uniqueness

Uniqueness Score: -1.00%

Function 00104FE9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00104EEE,?,?,00000000,00000000), ref: 00104FF9
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00104EEE,?,?,00000000,00000000), ref: 00105010
LoadResource.KERNEL32(?,00000000,?,?,00104EEE,?,?,00000000,00000000,?,?,?,?,?,?,00104F8F), ref: 0013DD60
SizeofResource.KERNEL32(?,00000000,?,?,00104EEE,?,?,00000000,00000000,?,?,?,?,?,?,00104F8F), ref: 0013DD75
LockResource.KERNEL32(00104EEE,?,?,00104EEE,?,?,00000000,00000000,?,?,?,?,?,?,00104F8F,00000000), ref: 0013DD88

Strings

SCRIPT, xrefs: 00105006

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 32f036a6edcf336cacb2e0c69dbfd0511a9fa67f2edc819615420b7ebe6d27af
Instruction ID: 779a6c967f76173192300e1f30e0ce561fd0f1ec309345f75c16b6fd39381554
Opcode Fuzzy Hash: 32f036a6edcf336cacb2e0c69dbfd0511a9fa67f2edc819615420b7ebe6d27af
Instruction Fuzzy Hash: 98115A75200700AFD7218B65EC58F6B7BBAEBC9B51F20416CF446C66A0DBA1E9418A60

Uniqueness

Uniqueness Score: -1.00%

Function 00164696 Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,0013E7C1), ref: 001646A6
FindFirstFileW.KERNELBASE(?,?), ref: 001646B7
FindClose.KERNEL32(00000000), ref: 001646C7

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: FileFind$AttributesCloseFirst
String ID:
API String ID: 48322524-0
Opcode ID: edef14622a1fc78c7fa53ff6bc68ff12c9490a9004dc2089bf91c31b695521c8
Instruction ID: 15191cda0f32bc87fe555fbfb824dbb856b0b0a9c52bf2a1c5c42a0b829feb4e
Opcode Fuzzy Hash: edef14622a1fc78c7fa53ff6bc68ff12c9490a9004dc2089bf91c31b695521c8
Instruction Fuzzy Hash: D3E026328104006B8210A738EC4D8EA7B9DDF46335F10072AF875C28E0EBB09EF087DA

Uniqueness

Uniqueness Score: -1.00%

Function 0010E800 Relevance: 2.4, Strings: 1, Instructions: 1102COMMON

Download Yara Rule

Strings

Variable must be of type 'Object'., xrefs: 0014428C

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID: Variable must be of type 'Object'.
API String ID: 0-109567571
Opcode ID: 452370761623cc8ee78ab161baaa0d1ae652ee58ad7008f77493427a154b0e9d
Instruction ID: 2442332bfb13a7ff0be3393921697441f2131fd9a51071d46d70e319c4d3d8ac
Opcode Fuzzy Hash: 452370761623cc8ee78ab161baaa0d1ae652ee58ad7008f77493427a154b0e9d
Instruction Fuzzy Hash: C5A2B174A04205CFCB28CF59C581AADB7F1FF58300F258469E996AB391D7B1ED82CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00110B30 Relevance: 57.3, APIs: 27, Strings: 5, Instructions: 1300windowsleeptimeCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00110BBB
timeGetTime.WINMM ref: 00110E76
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00110FB3
TranslateMessage.USER32(?), ref: 00110FC7
DispatchMessageW.USER32(?), ref: 00110FD5
Sleep.KERNEL32(0000000A), ref: 00110FDF
LockWindowUpdate.USER32(00000000,?,?), ref: 0011105A
DestroyWindow.USER32 ref: 00111066
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00111080
Sleep.KERNEL32(0000000A,?,?), ref: 001452AD
TranslateMessage.USER32(?), ref: 0014608A
DispatchMessageW.USER32(?), ref: 00146098
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 001460AC

Strings

@GUI_WINHANDLE, xrefs: 001453B9
@COM_EVENTOBJ, xrefs: 0014591A
@TRAY_ID, xrefs: 00145BB9
@GUI_CTRLID, xrefs: 00145364
@GUI_CTRLHANDLE, xrefs: 0014540E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Message$DispatchPeekSleepTranslateWindow$DestroyLockTimeUpdatetime
String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
API String ID: 4003667617-3242690629
Opcode ID: 45f6ebe981137613afc66938fe71169f637d80b6a2cb66773683a7bf9f21379e
Instruction ID: 739b8c19a9e8778f8f4c7eca491c0a962a7ba3bccaae652d724c190cd177cddd
Opcode Fuzzy Hash: 45f6ebe981137613afc66938fe71169f637d80b6a2cb66773683a7bf9f21379e
Instruction Fuzzy Hash: E6B2C570608741DFD729DF24C884BAAB7E5BF94304F14492DF499972A2DBB1E8C5CB82

Uniqueness

Uniqueness Score: -1.00%

Function 001693DF Relevance: 19.8, APIs: 13, Instructions: 322
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 001691E9: __time64.LIBCMT ref: 001691F3

Part of subcall function 00105045: _fseek.LIBCMT ref: 0010505D

__wsplitpath.LIBCMT ref: 001694BE

Part of subcall function 0012432E: __wsplitpath_helper.LIBCMT ref: 0012436E

_wcscpy.LIBCMT ref: 001694D1
_wcscat.LIBCMT ref: 001694E4
__wsplitpath.LIBCMT ref: 00169509
_wcscat.LIBCMT ref: 0016951F
_wcscat.LIBCMT ref: 00169532

Part of subcall function 0016922F: _memmove.LIBCMT ref: 00169268
Part of subcall function 0016922F: _memmove.LIBCMT ref: 00169277

_wcscmp.LIBCMT ref: 00169479

Part of subcall function 001699BE: _wcscmp.LIBCMT ref: 00169AAE
Part of subcall function 001699BE: _wcscmp.LIBCMT ref: 00169AC1

DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 001696DC
_wcsncpy.LIBCMT ref: 0016974F
DeleteFileW.KERNEL32(?,?), ref: 00169785
CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 0016979B
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 001697AC
DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 001697BE

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
String ID:
API String ID: 1500180987-0
Opcode ID: b19c5cb57d82cb0bc92f686f480af1c0694fca88ed16ed442449c5737c985e8a
Instruction ID: a80edb27d2dfae7239f97365784776b0412d7c5421af8dc75dc8771189451164
Opcode Fuzzy Hash: b19c5cb57d82cb0bc92f686f480af1c0694fca88ed16ed442449c5737c985e8a
Instruction Fuzzy Hash: 83C13AB1D00229ABCF21DF95CC85EDEB7BDAF58300F1040AAF609E7151EB709A958F65

Uniqueness

Uniqueness Score: -1.00%

Function 00103015 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 73
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00103074
RegisterClassExW.USER32(00000030), ref: 0010309E
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 001030AF
InitCommonControlsEx.COMCTL32(?), ref: 001030CC
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 001030DC
LoadIconW.USER32(000000A9), ref: 001030F2
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00103101

Strings

+, xrefs: 0010305D
0, xrefs: 00103056
TaskbarCreated, xrefs: 001030A4
AutoIt v3 GUI, xrefs: 00103090

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 2f324dbcc90fa754643f571812a6d867fed4dc07ecb369c99664ad9a46c10e8e
Instruction ID: 5b631ed22c5cbd6ac31daf982fbc4061b4f103e9e31c0c9f818bccb0065b5332
Opcode Fuzzy Hash: 2f324dbcc90fa754643f571812a6d867fed4dc07ecb369c99664ad9a46c10e8e
Instruction Fuzzy Hash: B73127B1845349AFEB11DFA4EC85A99BFF0FB09310F14416EE580E66A0D3B94685CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00103041 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00103074
RegisterClassExW.USER32(00000030), ref: 0010309E
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 001030AF
InitCommonControlsEx.COMCTL32(?), ref: 001030CC
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 001030DC
LoadIconW.USER32(000000A9), ref: 001030F2
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00103101

Strings

+, xrefs: 0010305D
0, xrefs: 00103056
TaskbarCreated, xrefs: 001030A4
AutoIt v3 GUI, xrefs: 00103090

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 7450f249b0093855fb58492f046e91e1b1114ecfda9ed42af107117b13885cf6
Instruction ID: f0f5c1c140fdf5743d34779e5a4bd91662119609f72e878e591a3672aca27ffd
Opcode Fuzzy Hash: 7450f249b0093855fb58492f046e91e1b1114ecfda9ed42af107117b13885cf6
Instruction Fuzzy Hash: 8D21C0B5911318AFEB00DFA4ED89B9DBFF4FB08710F10412AF911A66A0D7B586858F91

Uniqueness

Uniqueness Score: -1.00%

Function 001071EB Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00104864: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,001C62F8,?,001037C0,?), ref: 00104882

Part of subcall function 0012074F: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,001072C5), ref: 00120771

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00107308
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0013ECF1
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 0013ED32
RegCloseKey.ADVAPI32(?), ref: 0013ED70
_wcscat.LIBCMT ref: 0013EDC9

Strings

Software\AutoIt v3\AutoIt, xrefs: 001072FE
\, xrefs: 0013EDEC
\Include\, xrefs: 001072C5
Include, xrefs: 0013ECE8, 0013ED29

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 2673923337-2727554177
Opcode ID: e23d2cbdf23eadd0e2d8c4e35ba92ca868f62badb86356cd24f60797a422c806
Instruction ID: fa7e06688f873f2e23c4a2c685675635c589a6363a82c2410f6e95cc9bab6774
Opcode Fuzzy Hash: e23d2cbdf23eadd0e2d8c4e35ba92ca868f62badb86356cd24f60797a422c806
Instruction Fuzzy Hash: 677139715093019EC714EF65E8819ABBBE8FF68350F40492EF495971E0EBB0D989CF62

Uniqueness

Uniqueness Score: -1.00%

Function 00103A58 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00103A62
LoadCursorW.USER32(00000000,00007F00), ref: 00103A71
LoadIconW.USER32(00000063), ref: 00103A88
LoadIconW.USER32(000000A4), ref: 00103A9A
LoadIconW.USER32(000000A2), ref: 00103AAC
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00103AD2
RegisterClassExW.USER32(?), ref: 00103B28

Part of subcall function 00103041: GetSysColorBrush.USER32(0000000F), ref: 00103074
Part of subcall function 00103041: RegisterClassExW.USER32(00000030), ref: 0010309E
Part of subcall function 00103041: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 001030AF
Part of subcall function 00103041: InitCommonControlsEx.COMCTL32(?), ref: 001030CC
Part of subcall function 00103041: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 001030DC
Part of subcall function 00103041: LoadIconW.USER32(000000A9), ref: 001030F2
Part of subcall function 00103041: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00103101

Strings

0, xrefs: 00103B06
#, xrefs: 00103B0D
AutoIt v3, xrefs: 00103B17

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: fce01607b1d3b0ed47e873a46bf62c87bbc77681c31278cedf22baea0d1e4a03
Instruction ID: def662e63e1803435ffaeea2cba3388c90cb3593822317565b1fded97056104a
Opcode Fuzzy Hash: fce01607b1d3b0ed47e873a46bf62c87bbc77681c31278cedf22baea0d1e4a03
Instruction Fuzzy Hash: AC212671E00308BFEB109FA4EC49F9D7FB4FB08711F10412AF604A66A0D7BA96948F94

Uniqueness

Uniqueness Score: -1.00%

Function 00103633 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?), ref: 001036D2
KillTimer.USER32(?,00000001), ref: 001036FC
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0010371F
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 0010372A
CreatePopupMenu.USER32 ref: 0010373E
PostQuitMessage.USER32(00000000), ref: 0010375F

Strings

TaskbarCreated, xrefs: 00103725

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: 11fbfa8bbec663d9f4451a6b1c469af9008af28dde4f7ff6f0daba5f91bb7321
Instruction ID: 2c3aa455eb873601b8db087e6a5e58901b57077cee415bbab55656ef373f03cc
Opcode Fuzzy Hash: 11fbfa8bbec663d9f4451a6b1c469af9008af28dde4f7ff6f0daba5f91bb7321
Instruction Fuzzy Hash: 194137F2204149BBDB186F68EC49F7A3B5DEB14300F10012CF6A2966E1CBE2DF919761

Uniqueness

Uniqueness Score: -1.00%

Function 00103778 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 267
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

/AutoIt3ExecuteLine, xrefs: 001038B9
/AutoIt3OutputDebug, xrefs: 001038A4
/ErrorStdOut, xrefs: 0010388F
CMDLINERAW, xrefs: 0010380D
CMDLINE, xrefs: 00103834
>>>AUTOIT NO CMDEXECUTE<<<, xrefs: 001037C0
/AutoIt3ExecuteScript, xrefs: 001038CE

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: FileLibraryLoadModuleName__wcsicmp_l_memmove
String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$>>>AUTOIT NO CMDEXECUTE<<<$CMDLINE$CMDLINERAW
API String ID: 1825951767-3513169116
Opcode ID: 3a0f863700134de8a3151f359430a1d7e1ee9ad8aa69a5d433ea67a7240f3464
Instruction ID: 7691abf575ae08793cdb926d52f97bf6da905456ea2f249fca4e34581c5306f5
Opcode Fuzzy Hash: 3a0f863700134de8a3151f359430a1d7e1ee9ad8aa69a5d433ea67a7240f3464
Instruction Fuzzy Hash: 06A13E71D102299ACB04EBA4DC95EEEB77CBF24300F54052AF5A6B71D1DFB49A09CB60

Uniqueness

Uniqueness Score: -1.00%

Function 01832670 Relevance: 10.7, APIs: 7, Instructions: 239
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 01832741
VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 01832967

Memory Dump Source

Source File: 00000000.00000002.1647029873.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CreateFileFreeVirtual
String ID:
API String ID: 204039940-0
Opcode ID: 40a228ae330d8c6dccb3fb1644613726de4fc0fd5d5ec17983852815de9b42d5
Instruction ID: ead22ae2f7b7e3bd95022a75979d21e224f52b66f1fd7eec2313a13693d914b5
Opcode Fuzzy Hash: 40a228ae330d8c6dccb3fb1644613726de4fc0fd5d5ec17983852815de9b42d5
Instruction Fuzzy Hash: 45A11A74E00209EBDB14DFA8C894BEEBBB6FF88304F248159E505BB281D7759A41CF95

Uniqueness

Uniqueness Score: -1.00%

Function 001039E7 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00103A15
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00103A36
ShowWindow.USER32(00000000,?,?), ref: 00103A4A
ShowWindow.USER32(00000000,?,?), ref: 00103A53

Strings

AutoIt v3, xrefs: 00103A0D, 00103A12, 00103A13
edit, xrefs: 00103A30

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: a3c7ee29b1754cb2710c798fe9549ee02b0c297581d89ad893135d1897ca5fcd
Instruction ID: b2aba9c550433b2efa2677a4788956c6224925283fb46572b01988fce2693f1b
Opcode Fuzzy Hash: a3c7ee29b1754cb2710c798fe9549ee02b0c297581d89ad893135d1897ca5fcd
Instruction Fuzzy Hash: 73F0FE716412907EEA311B27AC4DE7B3E7DD7C6F50F00412EB904E2571C6B95892DBB0

Uniqueness

Uniqueness Score: -1.00%

Function 01832410 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 154
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 01832300: Sleep.KERNELBASE(000001F4), ref: 01832311

CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0183255B

Strings

EUW5LKVO09VLVRFOONW0HK, xrefs: 018325BE, 018325C1

Memory Dump Source

Source File: 00000000.00000002.1647029873.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CreateFileSleep
String ID: EUW5LKVO09VLVRFOONW0HK
API String ID: 2694422964-1277093506
Opcode ID: 0ebe455b214a49a5592a741ee61da05cd6a2a3f651da53c3ce87977bbd615171
Instruction ID: 03f915dd20431f60d2a0dc68401c86a3607c143d4696bbe3aa3ee33c8457d048
Opcode Fuzzy Hash: 0ebe455b214a49a5592a741ee61da05cd6a2a3f651da53c3ce87977bbd615171
Instruction Fuzzy Hash: 30618370D14288DBEF11DBE4C854BEFBBB5AF55304F044198E209BB2C1D6BA1B44CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0010410D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 0013D5EC

Part of subcall function 00107D2C: _memmove.LIBCMT ref: 00107D66

_memset.LIBCMT ref: 0010418D
_wcscpy.LIBCMT ref: 001041E1
Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 001041F1

Strings

Line: , xrefs: 0013D615

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
String ID: Line:
API String ID: 3942752672-1585850449
Opcode ID: 9e39578652606c17d11c473424077d04527b2698829a4150cbe083c48f951447
Instruction ID: 73bc0d491eeb7846de10a4bff5ad3868fd01055b6e97a58ee9f803be76e8314e
Opcode Fuzzy Hash: 9e39578652606c17d11c473424077d04527b2698829a4150cbe083c48f951447
Instruction Fuzzy Hash: C13191B1508314ABD725EB60EC86FDB77E8AF64310F10451EF2D5920E1EFB4A689C792

Uniqueness

Uniqueness Score: -1.00%

Function 0012564D Relevance: 7.7, APIs: 5, Instructions: 163
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 001256AB
_memcpy_s.LIBCMT ref: 0012571D
__read_nolock.LIBCMT ref: 0012577B
__filbuf.LIBCMT ref: 0012579E
_memset.LIBCMT ref: 001257E2

Part of subcall function 00128D68: __getptd_noexit.LIBCMT ref: 00128D68

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
String ID:
API String ID: 1559183368-0
Opcode ID: cbc132a2d90f1fa170c901e77712e707e3c45fd9b9f6dd10e42efcbbdaed9f46
Instruction ID: bea313994552681e007c37eef92b7fe2d83427f2a87f7878173adbd3d9aa1fad
Opcode Fuzzy Hash: cbc132a2d90f1fa170c901e77712e707e3c45fd9b9f6dd10e42efcbbdaed9f46
Instruction Fuzzy Hash: BB51B170A01B25DFDB288FA9E8C466E77B7AF50320FA48729F835962D0D7709D748B50

Uniqueness

Uniqueness Score: -1.00%

Function 001069CA Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 260COMMON

Download Yara Rule

APIs

Part of subcall function 00104F3D: LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,001C62F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00104F6F

_free.LIBCMT ref: 0013E68C
_free.LIBCMT ref: 0013E6D3

Part of subcall function 00106BEC: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00106D0D

Strings

Bad directive syntax error, xrefs: 0013E6BB
>>>AUTOIT SCRIPT<<<, xrefs: 0013E462

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _free$CurrentDirectoryLibraryLoad
String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
API String ID: 2861923089-1757145024
Opcode ID: 02b57d47fc835e2a750988e45166cbe79cc270d7f17015d7b4da5c11ac20da48
Instruction ID: fddf39c54c9a1d29bf7768fef81e668f3fe3c03eb2f37ebf561fb3f91089afff
Opcode Fuzzy Hash: 02b57d47fc835e2a750988e45166cbe79cc270d7f17015d7b4da5c11ac20da48
Instruction Fuzzy Hash: 96915B71910219EFCF04EFA4CC919EDB7B4BF29314F14446AF856AB2D1EB70A915CB60

Uniqueness

Uniqueness Score: -1.00%

Function 001035B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,001035A1,SwapMouseButtons,00000004,?), ref: 001035D4
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,001035A1,SwapMouseButtons,00000004,?,?,?,?,00102754), ref: 001035F5
RegCloseKey.KERNELBASE(00000000,?,?,001035A1,SwapMouseButtons,00000004,?,?,?,?,00102754), ref: 00103617

Strings

Control Panel\Mouse, xrefs: 001035D2

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: 2afb9ac34f43d74f74bdbfa5d55d90267126ef42578c7ca3f4f0cf24c8bd0bf1
Instruction ID: 9bba61ef900920568fae451bb39d883c7c6a9988584b77fccf0b3f39ece1b5c8
Opcode Fuzzy Hash: 2afb9ac34f43d74f74bdbfa5d55d90267126ef42578c7ca3f4f0cf24c8bd0bf1
Instruction Fuzzy Hash: 27115775610608BFDB208F64DC80EAEBBBDEF04740F118469F845D7250E7B29F81ABA0

Uniqueness

Uniqueness Score: -1.00%

Function 01831300 Relevance: 6.7, APIs: 4, Instructions: 720processthreadCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000), ref: 01831B2D
Wow64GetThreadContext.KERNEL32(?,00010007), ref: 01831B51
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 01831B73

Memory Dump Source

Source File: 00000000.00000002.1647029873.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Process$ContextCreateMemoryReadThreadWow64
String ID:
API String ID: 2438371351-0
Opcode ID: 75058a4f97cf2fcbd3f6bc15a6ffc08ef8895de4d25848071cc819695d886454
Instruction ID: 7793cbdb9df1f10a4fe3b5b2a9dd605b455142b64ba54d94a31e4947c3b4b5a8
Opcode Fuzzy Hash: 75058a4f97cf2fcbd3f6bc15a6ffc08ef8895de4d25848071cc819695d886454
Instruction Fuzzy Hash: 1A621030A14258DBEB24DFA4C844BDEB772EF98700F1491A9D10DEB390E7799E81CB59

Uniqueness

Uniqueness Score: -1.00%

Function 0012493A Relevance: 6.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 001249D0
__flush.LIBCMT ref: 001249F0
__write.LIBCMT ref: 00124A23
__flsbuf.LIBCMT ref: 00124A51

Part of subcall function 00128D68: __getptd_noexit.LIBCMT ref: 00128D68

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __flsbuf__flush__getptd_noexit__write_memmove
String ID:
API String ID: 2782032738-0
Opcode ID: 14470a6213cb86a88b8286372661136e60ed3d9327b1e96cf2061ba74b92ecb7
Instruction ID: fbef98046f0ee08811cd6c62dc227fad1dadf05c5b660f07df962b412e80fa8f
Opcode Fuzzy Hash: 14470a6213cb86a88b8286372661136e60ed3d9327b1e96cf2061ba74b92ecb7
Instruction Fuzzy Hash: 2F41D5706406269FDF2CCFA9E8809AF77A6EF94364B24813DE856C7640D7719DA08B44

Uniqueness

Uniqueness Score: -1.00%

Function 001073E5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0013EE62
GetOpenFileNameW.COMDLG32(?), ref: 0013EEAC

Part of subcall function 001048AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001048A1,?,?,001037C0,?), ref: 001048CE

Part of subcall function 001209D5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 001209F4

Strings

X, xrefs: 0013EE7A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen_memset
String ID: X
API String ID: 3777226403-3081909835
Opcode ID: 2af9a6342ff1de1f2f92b18f554bed67c9dd091a284bc1a33e52d39e58256443
Instruction ID: 0834da82981cb63522fdab3faab9d9d6a87756d1368793b0261131b1f8a57cef
Opcode Fuzzy Hash: 2af9a6342ff1de1f2f92b18f554bed67c9dd091a284bc1a33e52d39e58256443
Instruction Fuzzy Hash: 7E21AE71A042989BCB019F94C845BEE7BF99F59314F00801AF548F72C1DBF85A8A8BA1

Uniqueness

Uniqueness Score: -1.00%

Function 0016901B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00169036
__fread_nolock.LIBCMT ref: 0016904B

Strings

EA06, xrefs: 0016907D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __fread_nolock_memmove
String ID: EA06
API String ID: 1988441806-3962188686
Opcode ID: d92e26b03c7425a9d6fefb351cfec33ab90c4c8cdefc15b7cbc75fd72cb190ba
Instruction ID: 7b7da244dbea90e7ce3dc7842b79370b64a4a92818d636aa20f2b0db2810f36b
Opcode Fuzzy Hash: d92e26b03c7425a9d6fefb351cfec33ab90c4c8cdefc15b7cbc75fd72cb190ba
Instruction Fuzzy Hash: EC01B971904268BEDB28C6A9DC56EFE7BFC9B15301F00419AF552D2181E6B5E6148B60

Uniqueness

Uniqueness Score: -1.00%

Function 00169B6D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?), ref: 00169B82
GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00169B99

Strings

aut, xrefs: 00169B93

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: cf0ae1de78f0a3d1a1e22f672e1dacb628c13e13b23f630e67524f8760a28073
Instruction ID: 2f4492dde95e4c0a51ac65ac45720475b1d68fdbc7aeed4869a361bcb3e795e9
Opcode Fuzzy Hash: cf0ae1de78f0a3d1a1e22f672e1dacb628c13e13b23f630e67524f8760a28073
Instruction Fuzzy Hash: 4ED05E7954030DABDB50AB90DC4EFDA773CEB04700F0046A1BE54D10A1DEB196D98B91

Uniqueness

Uniqueness Score: -1.00%

Function 0017CDF1 Relevance: 4.9, APIs: 3, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f24b57e9b19895a66855649eb38c1d2eb55e8b5bdaa07aceff3e314fe42046f0
Instruction ID: 6a6ffac1029f5e0c791e1ffe05bade820a8ef903d5773f9ead1aeac2c63518c5
Opcode Fuzzy Hash: f24b57e9b19895a66855649eb38c1d2eb55e8b5bdaa07aceff3e314fe42046f0
Instruction Fuzzy Hash: 7DF138706083059FC714DF28C484A6ABBF5FF88314F54896EF8999B252D771E946CF82

Uniqueness

Uniqueness Score: -1.00%

Function 0010F8CF Relevance: 4.7, APIs: 3, Instructions: 168comCOMMON

Download Yara Rule

APIs

Part of subcall function 001203A2: MapVirtualKeyW.USER32(0000005B,00000000), ref: 001203D3
Part of subcall function 001203A2: MapVirtualKeyW.USER32(00000010,00000000), ref: 001203DB
Part of subcall function 001203A2: MapVirtualKeyW.USER32(000000A0,00000000), ref: 001203E6
Part of subcall function 001203A2: MapVirtualKeyW.USER32(000000A1,00000000), ref: 001203F1
Part of subcall function 001203A2: MapVirtualKeyW.USER32(00000011,00000000), ref: 001203F9
Part of subcall function 001203A2: MapVirtualKeyW.USER32(00000012,00000000), ref: 00120401

Part of subcall function 00116259: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,0010FA90), ref: 001162B4

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0010FB2D
OleInitialize.OLE32(00000000), ref: 0010FBAA
CloseHandle.KERNEL32(00000000), ref: 001449F2

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: 7ec531a35028791e0f04e831da877cb969de699c5485b06d6c16eea36a77855c
Instruction ID: 2b2457a395ef4b23eedce5601110d5994334e069285fef4762246e88426bc1cb
Opcode Fuzzy Hash: 7ec531a35028791e0f04e831da877cb969de699c5485b06d6c16eea36a77855c
Instruction Fuzzy Hash: 9781A8B09002908EC788DF69EE55E597FE4FBA8708310853ED419D7AA2EB75C485CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001043DB Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00104401
Shell_NotifyIconW.SHELL32(00000000,?), ref: 001044A6
Shell_NotifyIconW.SHELL32(00000001,?), ref: 001044C3

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: IconNotifyShell_$_memset
String ID:
API String ID: 1505330794-0
Opcode ID: af0d1fcd215c219cbcc17164cdf2460bd22f3b19e66e1184f4e68879867e0a78
Instruction ID: 10cbe90e55c8b1fc132895c241c47204daf114887effeb15d8483a87eca2da66
Opcode Fuzzy Hash: af0d1fcd215c219cbcc17164cdf2460bd22f3b19e66e1184f4e68879867e0a78
Instruction Fuzzy Hash: C53161B15047019FD720DF64D885B9BBBE8FB58304F00092EF6DAC3691D7B5A984CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0012594C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__FF_MSGBANNER.LIBCMT ref: 00125963

Part of subcall function 0012A3AB: __NMSG_WRITE.LIBCMT ref: 0012A3D2
Part of subcall function 0012A3AB: __NMSG_WRITE.LIBCMT ref: 0012A3DC

__NMSG_WRITE.LIBCMT ref: 0012596A

Part of subcall function 0012A408: GetModuleFileNameW.KERNEL32(00000000,001C43BA,00000104,?,00000001,00000000), ref: 0012A49A
Part of subcall function 0012A408: ___crtMessageBoxW.LIBCMT ref: 0012A548

Part of subcall function 001232DF: ___crtCorExitProcess.LIBCMT ref: 001232E5
Part of subcall function 001232DF: ExitProcess.KERNEL32 ref: 001232EE

Part of subcall function 00128D68: __getptd_noexit.LIBCMT ref: 00128D68

RtlAllocateHeap.NTDLL(01850000,00000000,00000001,00000000,?,?,?,00121013,?), ref: 0012598F

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
String ID:
API String ID: 1372826849-0
Opcode ID: 4374d6f1a961fa386160613a966dd7fbe8133734f8be55c8b805928f8b86452e
Instruction ID: 160a821288507578bef5abb63aecfca79eafc97fa1df2a093024b2c09539838d
Opcode Fuzzy Hash: 4374d6f1a961fa386160613a966dd7fbe8133734f8be55c8b805928f8b86452e
Instruction Fuzzy Hash: C301F131245B35DFEB257B64FC96A6E728A9F62B38F51002AF404AA1C1DF70DDA18760

Uniqueness

Uniqueness Score: -1.00%

Function 00169B2C Relevance: 4.5, APIs: 3, Instructions: 24filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,001697D2,?,?,?,?,?,00000004), ref: 00169B45
SetFileTime.KERNELBASE(00000000,?,00000000,?,?,001697D2,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 00169B5B
CloseHandle.KERNEL32(00000000,?,001697D2,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00169B62

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: File$CloseCreateHandleTime
String ID:
API String ID: 3397143404-0
Opcode ID: 91934d34519f2db4fbb95d5f4bafbada6ea2b5493e62d6201a4b71cbd6f16b09
Instruction ID: b8ab73575d29a77eb5dc1803499a177e00c7d5e7fbcdb2f2a729b28209ae9afc
Opcode Fuzzy Hash: 91934d34519f2db4fbb95d5f4bafbada6ea2b5493e62d6201a4b71cbd6f16b09
Instruction Fuzzy Hash: C9E08632180224B7D7212B54EC0DFCA7B18EB05761F104124FB14A90E087B126629798

Uniqueness

Uniqueness Score: -1.00%

Function 00168F97 Relevance: 4.5, APIs: 3, Instructions: 22COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00168FA5

Part of subcall function 00122F95: RtlFreeHeap.NTDLL(00000000,00000000,?,00129C64), ref: 00122FA9
Part of subcall function 00122F95: GetLastError.KERNEL32(00000000,?,00129C64), ref: 00122FBB

_free.LIBCMT ref: 00168FB6
_free.LIBCMT ref: 00168FC8

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 358057a8cee776a4634d1da6a11f7167cf7af4a4bc472a0de26b354d0d310ced
Instruction ID: ca95d9cfcd3046efa300828c079824cc1c8713a953ba3e49abe2cf38aaf01fbe
Opcode Fuzzy Hash: 358057a8cee776a4634d1da6a11f7167cf7af4a4bc472a0de26b354d0d310ced
Instruction Fuzzy Hash: 49E012A17097115ACB24A578BE41A9757EE5F48350718095DF809DB142DF34EC618124

Uniqueness

Uniqueness Score: -1.00%

Function 0010AB23 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 534COMMON

Download Yara Rule

Strings

CALL, xrefs: 0014002B

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID: CALL
API String ID: 0-4196123274
Opcode ID: 02f2ccd562643843daecef2270cecfc7eb8c2f208e8101b04ca40758ba953734
Instruction ID: b0bbc781c2277dd7edaa74b29686c9cf12181dde5d4bc3c0ec582966acedb410
Opcode Fuzzy Hash: 02f2ccd562643843daecef2270cecfc7eb8c2f208e8101b04ca40758ba953734
Instruction Fuzzy Hash: 41225970508341DFC728DF14C494B6ABBE1BF98300F55895DF99A8B2A2D7B1ED85CB82

Uniqueness

Uniqueness Score: -1.00%

Function 00104DD0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 141COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00104E1A

Strings

EA06, xrefs: 0013DCF5

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memmove
String ID: EA06
API String ID: 4104443479-3962188686
Opcode ID: 267e59f5ee013ec7e8bd91740c60019dbee6806512fb97aacc09e1cce3965918
Instruction ID: e4f2ac6304d221dfbaaa510807e3ec7f289ded0a8a069d6a88dc2e8f4aab92b0
Opcode Fuzzy Hash: 267e59f5ee013ec7e8bd91740c60019dbee6806512fb97aacc09e1cce3965918
Instruction Fuzzy Hash: A94189F1A041586BDF258B64D8D17BF7FA6AB55300F294079FEC29A2C2C7E88D4087A1

Uniqueness

Uniqueness Score: -1.00%

Function 0010492E Relevance: 3.1, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

IsThemeActive.UXTHEME ref: 00104992

Part of subcall function 001235AC: __lock.LIBCMT ref: 001235B2
Part of subcall function 001235AC: DecodePointer.KERNEL32(00000001,?,001049A7,001581BC), ref: 001235BE
Part of subcall function 001235AC: EncodePointer.KERNEL32(?,?,001049A7,001581BC), ref: 001235C9

Part of subcall function 00104A5B: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00104A73
Part of subcall function 00104A5B: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00104A88

Part of subcall function 00103B4C: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00103B7A
Part of subcall function 00103B4C: IsDebuggerPresent.KERNEL32 ref: 00103B8C
Part of subcall function 00103B4C: GetFullPathNameW.KERNEL32(00007FFF,?,?,001C62F8,001C62E0,?,?), ref: 00103BFD
Part of subcall function 00103B4C: SetCurrentDirectoryW.KERNEL32(?), ref: 00103C81

SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 001049D2

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme__lock
String ID:
API String ID: 1438897964-0
Opcode ID: bed2ae1c5913a1e883f6cd7335600bb78a94fd949c3cd65754f1dbeeaef17415
Instruction ID: b6e1a3089b1a4a891c0a96e28954a765a37649df4a3b00b6a03ffd5d75a6e62a
Opcode Fuzzy Hash: bed2ae1c5913a1e883f6cd7335600bb78a94fd949c3cd65754f1dbeeaef17415
Instruction Fuzzy Hash: 62115971A183119BC700EF29EC45D0AFFE8EBA8710F00452EF495876A2DBB4D695CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00105DF9 Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000,?,00105981,?,?,?,?), ref: 00105E27
CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000000,?,00105981,?,?,?,?), ref: 0013E19C

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: c87dfd0ec609080ac6ca2e2b9bea62048b67289061114e2256f3dbbc5bc84fac
Instruction ID: f0e39eddac1285d16aac50a5705ccc3153ecdd19383ff45bd0ab005a8c171a41
Opcode Fuzzy Hash: c87dfd0ec609080ac6ca2e2b9bea62048b67289061114e2256f3dbbc5bc84fac
Instruction Fuzzy Hash: 49018CB0244708BEF7641E24CC8AF677A9DEB017A8F108318BAE56A1E0C7F01E858F50

Uniqueness

Uniqueness Score: -1.00%

Function 00120FF6 Relevance: 3.0, APIs: 2, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0012594C: __FF_MSGBANNER.LIBCMT ref: 00125963
Part of subcall function 0012594C: __NMSG_WRITE.LIBCMT ref: 0012596A
Part of subcall function 0012594C: RtlAllocateHeap.NTDLL(01850000,00000000,00000001,00000000,?,?,?,00121013,?), ref: 0012598F

std::exception::exception.LIBCMT ref: 0012102C
__CxxThrowException@8.LIBCMT ref: 00121041

Part of subcall function 001287DB: RaiseException.KERNEL32(?,?,?,001BBAF8,00000000,?,?,?,?,00121046,?,001BBAF8,?,00000001), ref: 00128830

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
String ID:
API String ID: 3902256705-0
Opcode ID: 603991d85e525237832da014f08a6a174d9465785b8d9b07957c1f26c0df3645
Instruction ID: 15486c28ea52a8b05101b6a89b77a699db3b7e2eb49b54fad5abd6d4e9e8c021
Opcode Fuzzy Hash: 603991d85e525237832da014f08a6a174d9465785b8d9b07957c1f26c0df3645
Instruction Fuzzy Hash: E8F0C83550127DB7CB25FA98FD059DF7BED9F20350F200425F808A6591EFB18AA092E4

Uniqueness

Uniqueness Score: -1.00%

Function 0012582D Relevance: 3.0, APIs: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0012585C
__lock_file.LIBCMT ref: 0012587D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __lock_file_memset
String ID:
API String ID: 26237723-0
Opcode ID: 7a2a3bf5140b963b8879a0a031e61b3680a2e3d36f556940f62a5ead838995d6
Instruction ID: af89fbb7a9d112867233b1e51cd29ec995f6fdbca0e1829b7464e3a7c7de2aeb
Opcode Fuzzy Hash: 7a2a3bf5140b963b8879a0a031e61b3680a2e3d36f556940f62a5ead838995d6
Instruction Fuzzy Hash: 5901A771C01628EBCF22AF6AAC4199F7F62AF60360F144215F8245B1A1DB718A31DF91

Uniqueness

Uniqueness Score: -1.00%

Function 001255D6 Relevance: 3.0, APIs: 2, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00128D68: __getptd_noexit.LIBCMT ref: 00128D68

__lock_file.LIBCMT ref: 0012561B

Part of subcall function 00126E4E: __lock.LIBCMT ref: 00126E71

__fclose_nolock.LIBCMT ref: 00125626

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __fclose_nolock__getptd_noexit__lock__lock_file
String ID:
API String ID: 2800547568-0
Opcode ID: 9bee1a5890152ab452646184598df46d2422093b3e7a1858d2bba6b29c01e342
Instruction ID: 0e583fa8b97b94272b09feda0b0e626bcd3ba87731f7f54a482dea33a079d5c0
Opcode Fuzzy Hash: 9bee1a5890152ab452646184598df46d2422093b3e7a1858d2bba6b29c01e342
Instruction Fuzzy Hash: 0BF0B471801A349ED721BF79B84276E7BA26F60334F558209E414AB1C1CF7C89219F95

Uniqueness

Uniqueness Score: -1.00%

Function 018312FD Relevance: 1.9, APIs: 1, Instructions: 400processthreadCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000), ref: 01831B2D
Wow64GetThreadContext.KERNEL32(?,00010007), ref: 01831B51
ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 01831B73

Memory Dump Source

Source File: 00000000.00000002.1647029873.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Process$ContextCreateMemoryReadThreadWow64
String ID:
API String ID: 2438371351-0
Opcode ID: 935c44ad8318b3af66d252774f477c9026677184fbf87e93bc0843909b837ee7
Instruction ID: fc5f529adff3bb1b08c43c83c369b0b2f262b2c75116d31995973cd44d739dd5
Opcode Fuzzy Hash: 935c44ad8318b3af66d252774f477c9026677184fbf87e93bc0843909b837ee7
Instruction Fuzzy Hash: AA12EF24E18658C6EB24DF64D8507DEB232EF68700F1090E9910DEB7A4E77A4F81CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 0010F3F0 Relevance: 1.7, APIs: 1, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 899c8ab1a591682fa55213077536fc8e0a4eb929ea24bd5b0097ed10ef7919b0
Instruction ID: 4d8f82c84932df9aa83c098076686ddc0bdcf7204733c88656c9474842136b90
Opcode Fuzzy Hash: 899c8ab1a591682fa55213077536fc8e0a4eb929ea24bd5b0097ed10ef7919b0
Instruction Fuzzy Hash: AB61AC7060020ADFCB24DF64C892AAAB7F4EF04300F15807DE9869B692E7B1ED52CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00112123 Relevance: 1.7, APIs: 1, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268e638765422db7cfd092c82e47da5ec988ce6ac998cb783809d2668c5e0d0f
Instruction ID: cc8fc5251ef0583d95a93a8b95497f18cc8b64f95ed90c01f07defe9441a4daf
Opcode Fuzzy Hash: 268e638765422db7cfd092c82e47da5ec988ce6ac998cb783809d2668c5e0d0f
Instruction Fuzzy Hash: 7D51AE35700604AFCF18EB68C995EAE77A6AF95324F148068F846AB3D2CB70ED00CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00105C4E Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(?,?,00000001,00000000,00000000,?,?,00000000), ref: 00105CF6

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 9aa3ba09051b22391cb37d178d0b53bc6e1eef424f9d284c0dfb0b4ec1476ec4
Instruction ID: ed3def49489223a77bb6a261bb1a1cb7dc860d8777271a78cfda635b885c4acc
Opcode Fuzzy Hash: 9aa3ba09051b22391cb37d178d0b53bc6e1eef424f9d284c0dfb0b4ec1476ec4
Instruction Fuzzy Hash: 6B318D31A00B09AFDB08DF6DC58466EB7BAFF48310F14862AD85993780D7B0B950DF90

Uniqueness

Uniqueness Score: -1.00%

Function 001400D6 Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 001400E1

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 02cabe006aba4ee9e59d209302df4b631391a807a12999966fb6c876fbdf7952
Instruction ID: f6af6d02931134e776910c9e99a45ed3c69d45cec5e1dba455e24e628c6d8cc8
Opcode Fuzzy Hash: 02cabe006aba4ee9e59d209302df4b631391a807a12999966fb6c876fbdf7952
Instruction Fuzzy Hash: 7A413774508351DFDB25DF14C484B1ABBE0BF59318F1988ACE9898B7A2C372EC85CB52

Uniqueness

Uniqueness Score: -1.00%

Function 001079AB Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 001079F9

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 64602025b210a69d44d795642d596fdfc93abb49ffaa1266944914acc7b2a18e
Instruction ID: b13380c45cd6f847fef7a038e196f6eaeac3528a1239e1ea3845f08ee1d93635
Opcode Fuzzy Hash: 64602025b210a69d44d795642d596fdfc93abb49ffaa1266944914acc7b2a18e
Instruction Fuzzy Hash: 9311E131608215AFC714DF28D881C7EB7A8EF45364728861AF899CB2E1DB72FC1187D0

Uniqueness

Uniqueness Score: -1.00%

Function 00104F3D Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00104D13: FreeLibrary.KERNEL32(00000000,?), ref: 00104D4D

Part of subcall function 0012548B: __wfsopen.LIBCMT ref: 00125496

LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,001C62F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00104F6F

Part of subcall function 00104CC8: FreeLibrary.KERNEL32(00000000), ref: 00104D02

Part of subcall function 00104DD0: _memmove.LIBCMT ref: 00104E1A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Library$Free$Load__wfsopen_memmove
String ID:
API String ID: 1396898556-0
Opcode ID: 686241a070b3af8545b12830d181d83681842d83cbd26f2d5a6850f0fdc9cf70
Instruction ID: bc50f9217b10043a2473fdbd21a23b7125336ea0a38ba38193fc808f2109c74b
Opcode Fuzzy Hash: 686241a070b3af8545b12830d181d83681842d83cbd26f2d5a6850f0fdc9cf70
Instruction Fuzzy Hash: C3110A7160030AABCB14FF74DC82F6E77A99F54710F10842DF6C1A61C1DBB19A159B60

Uniqueness

Uniqueness Score: -1.00%

Function 001401AF Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32(?), ref: 001401BB

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 8838b8fb00cca177ca3b819c081f8293f0bab0e31fe209e77c441f7edf321253
Instruction ID: 8f3e8fad442ba7008c71f1e077c0ac5bfd8b58d4eede44c6abd23243125e5b71
Opcode Fuzzy Hash: 8838b8fb00cca177ca3b819c081f8293f0bab0e31fe209e77c441f7edf321253
Instruction Fuzzy Hash: F62122B4908351DFCB24DF64C484A1ABBE0BF88314F05896CF98A577A2D771E859CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00105D20 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,?,00010000,?,00000000,00000000,?,00010000,?,00105807,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00105D76

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 679e800414e2bdc1d5753dafb16492190c72d1bd2fabc8b4ad7f12a1f6649248
Instruction ID: 4a516580fec17aed772e25a3072437dd918be33700673b7d72b5d27a3b65e0ea
Opcode Fuzzy Hash: 679e800414e2bdc1d5753dafb16492190c72d1bd2fabc8b4ad7f12a1f6649248
Instruction Fuzzy Hash: DC113631200B019FD3308F55C888B63B7EAEF45764F10C92EE4EA86A90D7B0E945CF60

Uniqueness

Uniqueness Score: -1.00%

Function 00107D2C Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00107D66

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 3d3243fa54fb51fb610cc8235d1175a3df1bd9517534bab7006703082c58c90d
Instruction ID: 3a44c89d9a385c7570f72e7bd412898e450b0bc1c6826d695fc0161a33aadf96
Opcode Fuzzy Hash: 3d3243fa54fb51fb610cc8235d1175a3df1bd9517534bab7006703082c58c90d
Instruction Fuzzy Hash: AB01B571608610AFD714AF68E902F3EB7E8AF54350F20852EF8DAC62E5DF71A851C794

Uniqueness

Uniqueness Score: -1.00%

Function 00124A93 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__lock_file.LIBCMT ref: 00124AD6

Part of subcall function 00128D68: __getptd_noexit.LIBCMT ref: 00128D68

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __getptd_noexit__lock_file
String ID:
API String ID: 2597487223-0
Opcode ID: b77ebc34bf9c79ccd228e5d24d41a11a62deb3934a51acdfece11d366ac41921
Instruction ID: 21cc406ce4885ceb7fabf303343975aed7ad6eb104a6cc08da046a9a613449d7
Opcode Fuzzy Hash: b77ebc34bf9c79ccd228e5d24d41a11a62deb3934a51acdfece11d366ac41921
Instruction Fuzzy Hash: 7CF0AF31941229ABDF61BF64EC0639F36A1AF20325F058518F424AB1D1CB788A70DF95

Uniqueness

Uniqueness Score: -1.00%

Function 00104FAA Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,001C62F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00104FDE

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: d23b09e4441d61732d862c06559a866cbe4aadbc3864c9d758a94a91c0922bb5
Instruction ID: b0459def0f65b030c74ccae06347851b615e94b41c7eb406344b790a4b85e671
Opcode Fuzzy Hash: d23b09e4441d61732d862c06559a866cbe4aadbc3864c9d758a94a91c0922bb5
Instruction Fuzzy Hash: 18F039B1105716CFCB389F68E4D4812BBE2BF143293218A3EE2D682A50C7B1A890DF40

Uniqueness

Uniqueness Score: -1.00%

Function 001048AE Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001048A1,?,?,001037C0,?), ref: 001048CE

Part of subcall function 00107D2C: _memmove.LIBCMT ref: 00107D66

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: FullNamePath_memmove
String ID:
API String ID: 486084662-0
Opcode ID: f1aff1378c1429f847dc2e1a7f870416a183066bc5b321f862b66296e531183e
Instruction ID: f5b3920ee00eab2ed0589e0a82c7e81d51605fc565d94714a279578c04606ce8
Opcode Fuzzy Hash: f1aff1378c1429f847dc2e1a7f870416a183066bc5b321f862b66296e531183e
Instruction Fuzzy Hash: 50E0D830A0831867D714F2608C02FBA765CAF18750F0044B6FD4CD22C5EFD4AD4186A1

Uniqueness

Uniqueness Score: -1.00%

Function 001209D5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 001209F4

Part of subcall function 00107D2C: _memmove.LIBCMT ref: 00107D66

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: LongNamePath_memmove
String ID:
API String ID: 2514874351-0
Opcode ID: 076855118eee29ee4c06ca239aa25df3a568396f8617773b45f46c32a4def157
Instruction ID: bff964f6c7ab1eca5faa60df38aa7434d55965d17b90a081c0f9a3f52df44061
Opcode Fuzzy Hash: 076855118eee29ee4c06ca239aa25df3a568396f8617773b45f46c32a4def157
Instruction Fuzzy Hash: 8CE0CD36D0422857C720D6989C05FFAB7EEDFC87A0F0401B5FC4CD7248DAA0AD828790

Uniqueness

Uniqueness Score: -1.00%

Function 00169129 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 0016914B

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __fread_nolock
String ID:
API String ID: 2638373210-0
Opcode ID: 7603a7e23398706fbe611478ecf9e3358d47b441acc83f726054c373298f7434
Instruction ID: 46d1a7309f95fccfbb76fe012bd07d4c30b461f89f4d625a0b05ae334be1e4fa
Opcode Fuzzy Hash: 7603a7e23398706fbe611478ecf9e3358d47b441acc83f726054c373298f7434
Instruction Fuzzy Hash: B1E092B0104B005FD7348A24DC507E373E5AB16325F00081CF2AA83341EB62B8518B59

Uniqueness

Uniqueness Score: -1.00%

Function 00105DAE Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(?,00000000,00000000,?,00000001,?,?,?,0013E16B,?,?,00000000), ref: 00105DBF

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: a8038a6b9d08439b8ed2f600e0640e1993d00fc4a64d51d202b23e0127da916d
Instruction ID: 54154a6b7c27d953cf2f4780f74a1887af2dc592bb7c72ebcb57ea1c7fcfb6ef
Opcode Fuzzy Hash: a8038a6b9d08439b8ed2f600e0640e1993d00fc4a64d51d202b23e0127da916d
Instruction Fuzzy Hash: 50D0C77464020CBFE710DB80DC46FA9777CD705710F200194FD0456690D6B27E508795

Uniqueness

Uniqueness Score: -1.00%

Function 0012548B Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

__wfsopen.LIBCMT ref: 00125496

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __wfsopen
String ID:
API String ID: 197181222-0
Opcode ID: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
Instruction ID: 67b4c72aa9852e30fb5cefb7ed9cde9e3af79c81c60b615d9b1d1a6ae2cb36e8
Opcode Fuzzy Hash: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
Instruction Fuzzy Hash: 77B0927684020C77DF012E82FC02A697B1A9B54678F808020FB0C18162A673A6B09689

Uniqueness

Uniqueness Score: -1.00%

Function 0014220E Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GetTempPathW.KERNELBASE(00000104,?), ref: 0014221A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: PathTemp
String ID:
API String ID: 2920410445-0
Opcode ID: 4672ad97d2a862b1e795f6461f5735b38d97a24c88464e3a18d7a70f395be11b
Instruction ID: e5fd3f13ba3c34b912c34273c7b415b45e3c1b739fb83d27d62b62a23ecd4d64
Opcode Fuzzy Hash: 4672ad97d2a862b1e795f6461f5735b38d97a24c88464e3a18d7a70f395be11b
Instruction Fuzzy Hash: B2C09B714540199FE719A750DCD5AB8733CFF14701F1040D57145D1051D7B05BC1CF11

Uniqueness

Uniqueness Score: -1.00%

Function 0016D2E6 Relevance: 1.4, APIs: 1, Instructions: 198COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000002,00000000), ref: 0016D46A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 89da5fe6b2359bc56fe1305fc11a76f67bf7423d8040d9dbb7a8143724724403
Instruction ID: a44dc46b9181566fe57d09536cd4bbf719cf1b64d5c08ed1489e6b010a3cfd58
Opcode Fuzzy Hash: 89da5fe6b2359bc56fe1305fc11a76f67bf7423d8040d9dbb7a8143724724403
Instruction Fuzzy Hash: 0B7150306083028FC714EF28D991A6AB7E1AF98314F04496DF8969B6E2DF70ED55CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00120E48 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00120EF7

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction ID: 1dc61d1595d21f8b8b1c17e234e529926f8bf6a7c738ac28a7059d248c107635
Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction Fuzzy Hash: 9531F370A00115DFC71ADF48E584969F7A6FF59300B268BA9E409CB652D730EEE1CB80

Uniqueness

Uniqueness Score: -1.00%

Function 018322FC Relevance: 1.3, APIs: 1, Instructions: 21sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000001F4), ref: 01832311

Memory Dump Source

Source File: 00000000.00000002.1647029873.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
Instruction ID: 7091354372520fd103af001d5281fb68e97cf3b58609490aa3339d490c588167
Opcode Fuzzy Hash: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
Instruction Fuzzy Hash: ABE0BF7494020DEFDB00EFB4D5496DE7BB5EF04301F1005A1FD05D7691DB319E549A62

Uniqueness

Uniqueness Score: -1.00%

Function 01832300 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000001F4), ref: 01832311

Memory Dump Source

Source File: 00000000.00000002.1647029873.0000000001830000.00000040.00001000.00020000.00000000.sdmp, Offset: 01830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1830000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
Instruction ID: 113b7ec9dfbe8a914e057ab2b279d5438d857df360b3e2e33f2e85fa77e5b34e
Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
Instruction Fuzzy Hash: 26E0E67494020DDFDB00EFB4D54969E7FB4EF04301F100561FD01D2281D6319E509A62

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0018CDAC Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 637windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00102612: GetWindowLongW.USER32(?,000000EB), ref: 00102623

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0018CE50
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0018CE91
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0018CED6
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0018CF00
SendMessageW.USER32 ref: 0018CF29
_wcsncpy.LIBCMT ref: 0018CFA1
GetKeyState.USER32(00000011), ref: 0018CFC2
GetKeyState.USER32(00000009), ref: 0018CFCF
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0018CFE5
GetKeyState.USER32(00000010), ref: 0018CFEF
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0018D018
SendMessageW.USER32 ref: 0018D03F
SendMessageW.USER32(?,00001030,?,0018B602), ref: 0018D145
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0018D15B
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 0018D16E
SetCapture.USER32(?), ref: 0018D177
ClientToScreen.USER32(?,?), ref: 0018D1DC
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 0018D1E9
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0018D203
ReleaseCapture.USER32 ref: 0018D20E
GetCursorPos.USER32(?), ref: 0018D248
ScreenToClient.USER32(?,?), ref: 0018D255
SendMessageW.USER32(?,00001012,00000000,?), ref: 0018D2B1
SendMessageW.USER32 ref: 0018D2DF
SendMessageW.USER32(?,00001111,00000000,?), ref: 0018D31C
SendMessageW.USER32 ref: 0018D34B
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0018D36C
SendMessageW.USER32(?,0000110B,00000009,?), ref: 0018D37B
GetCursorPos.USER32(?), ref: 0018D39B
ScreenToClient.USER32(?,?), ref: 0018D3A8
GetParent.USER32(?), ref: 0018D3C8
SendMessageW.USER32(?,00001012,00000000,?), ref: 0018D431
SendMessageW.USER32 ref: 0018D462
ClientToScreen.USER32(?,?), ref: 0018D4C0
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0018D4F0
SendMessageW.USER32(?,00001111,00000000,?), ref: 0018D51A
SendMessageW.USER32 ref: 0018D53D
ClientToScreen.USER32(?,?), ref: 0018D58F
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0018D5C3

Part of subcall function 001025DB: GetWindowLongW.USER32(?,000000EB), ref: 001025EC

GetWindowLongW.USER32(?,000000F0), ref: 0018D65F

Strings

F, xrefs: 0018D543
@GUI_DRAGID, xrefs: 0018D1AA

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
String ID: @GUI_DRAGID$F
API String ID: 3977979337-4164748364
Opcode ID: d533316f2921aeeba097e752038177167e0abc6f73353838d95551df811a585d
Instruction ID: d9f28b628d3460d8a11d9b649ba225895f7341284f960562ca3f857428bf2440
Opcode Fuzzy Hash: d533316f2921aeeba097e752038177167e0abc6f73353838d95551df811a585d
Instruction Fuzzy Hash: A5427B70204341AFD725EF28C888EAABBE5FF48314F14061DF695976A0D7719A91CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 0018804A Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 571windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000400,00000000,00000000), ref: 0018873F

Strings

%d/%02d/%02d, xrefs: 00188478

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend
String ID: %d/%02d/%02d
API String ID: 3850602802-328681919
Opcode ID: 2c04213bc1f9a9262b5cd3896ce37cbfb1afa679af4d3eafe9ff4abe43f1878d
Instruction ID: 0a6e3a346f7b767b831cf237c1137324488db814ac38f30a173e4585d5d226e8
Opcode Fuzzy Hash: 2c04213bc1f9a9262b5cd3896ce37cbfb1afa679af4d3eafe9ff4abe43f1878d
Instruction Fuzzy Hash: 1B12A371500254ABEB25AF28DC89FAE7BB4EF45710F60422DF915EA2E1EF709A41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0011710E Relevance: 48.8, APIs: 19, Strings: 6, Instructions: 5093COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 001175C2
_memset.LIBCMT ref: 001176B1
_memmove.LIBCMT ref: 00117C4B
_memmove.LIBCMT ref: 00117E4F

Strings

Q\E, xrefs: 001181C1
\b(?<=\w), xrefs: 00153C41
[:>:]], xrefs: 0011760A
DEFINE, xrefs: 001525AF
\b(?=\w), xrefs: 00153C34
[:<:]], xrefs: 001175F1

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memmove$_memset
String ID: DEFINE$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)
API String ID: 1357608183-1798697756
Opcode ID: 3a67144ac3da354fc840b9299170b99908cef3f63caace92f77c8d5ec7e9cdc4
Instruction ID: dfcf7e139d4c393b10a19827787f4381d221ecbdb7c15301f873e059940aa7a1
Opcode Fuzzy Hash: 3a67144ac3da354fc840b9299170b99908cef3f63caace92f77c8d5ec7e9cdc4
Instruction Fuzzy Hash: 1D938071A04215DBDB28CF98D881BEDB7B1FF48315F25816AE965AF380E7709E85CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00104A35 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?), ref: 00104A3D
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0013DA8E
IsIconic.USER32(?), ref: 0013DA97
ShowWindow.USER32(?,00000009), ref: 0013DAA4
SetForegroundWindow.USER32(?), ref: 0013DAAE
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0013DAC4
GetCurrentThreadId.KERNEL32 ref: 0013DACB
GetWindowThreadProcessId.USER32(?,00000000), ref: 0013DAD7
AttachThreadInput.USER32(?,00000000,00000001), ref: 0013DAE8
AttachThreadInput.USER32(?,00000000,00000001), ref: 0013DAF0
AttachThreadInput.USER32(00000000,?,00000001), ref: 0013DAF8
SetForegroundWindow.USER32(?), ref: 0013DAFB
MapVirtualKeyW.USER32(00000012,00000000), ref: 0013DB10
keybd_event.USER32(00000012,00000000), ref: 0013DB1B
MapVirtualKeyW.USER32(00000012,00000000), ref: 0013DB25
keybd_event.USER32(00000012,00000000), ref: 0013DB2A
MapVirtualKeyW.USER32(00000012,00000000), ref: 0013DB33
keybd_event.USER32(00000012,00000000), ref: 0013DB38
MapVirtualKeyW.USER32(00000012,00000000), ref: 0013DB42
keybd_event.USER32(00000012,00000000), ref: 0013DB47
SetForegroundWindow.USER32(?), ref: 0013DB4A
AttachThreadInput.USER32(?,?,00000000), ref: 0013DB71

Strings

Shell_TrayWnd, xrefs: 0013DA89

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 121cccc09c37090ddbc143ac55e58ca323f95bda1e62a4fa2b2442266633b416
Instruction ID: 80cf2ca0e8bfa29a723f7b78db31983afd133568b0b6694d9a8d3f37be21c644
Opcode Fuzzy Hash: 121cccc09c37090ddbc143ac55e58ca323f95bda1e62a4fa2b2442266633b416
Instruction Fuzzy Hash: EC315371A40318BFEB216F61AC4AF7E7E6CEB44B50F114029FA04E71D0D7B05952ABA0

Uniqueness

Uniqueness Score: -1.00%

Function 00158858 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 224COMMON

Download Yara Rule

APIs

Part of subcall function 00158CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00158D0D
Part of subcall function 00158CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00158D3A
Part of subcall function 00158CC3: GetLastError.KERNEL32 ref: 00158D47

_memset.LIBCMT ref: 0015889B
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 001588ED
CloseHandle.KERNEL32(?), ref: 001588FE
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00158915
GetProcessWindowStation.USER32 ref: 0015892E
SetProcessWindowStation.USER32(00000000), ref: 00158938
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00158952

Part of subcall function 00158713: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00158851), ref: 00158728
Part of subcall function 00158713: CloseHandle.KERNEL32(?,?,00158851), ref: 0015873A

Strings

default, xrefs: 0015894D
, xrefs: 001588AA
winsta0, xrefs: 00158910

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
String ID: $default$winsta0
API String ID: 2063423040-1027155976
Opcode ID: e1e469c48fb1987aef9d3797f5c92abe34cda7233aea4775f3bba92b4c7c7302
Instruction ID: fdfd07b4be07354df6a679a4e1c94897c2477798b0b78c8bd667e45f7c1713f6
Opcode Fuzzy Hash: e1e469c48fb1987aef9d3797f5c92abe34cda7233aea4775f3bba92b4c7c7302
Instruction Fuzzy Hash: 11812871900249EFDF11DFA4DC45AEEBBB8EF18305F18416AFD20BB161DB318A599B60

Uniqueness

Uniqueness Score: -1.00%

Function 0017425A Relevance: 30.2, APIs: 20, Instructions: 167clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(0018F910), ref: 00174284
IsClipboardFormatAvailable.USER32(0000000D), ref: 00174292
GetClipboardData.USER32(0000000D), ref: 0017429A
CloseClipboard.USER32 ref: 001742A6
GlobalLock.KERNEL32(00000000), ref: 001742C2
CloseClipboard.USER32 ref: 001742CC
GlobalUnlock.KERNEL32(00000000,00000000), ref: 001742E1
IsClipboardFormatAvailable.USER32(00000001), ref: 001742EE
GetClipboardData.USER32(00000001), ref: 001742F6
GlobalLock.KERNEL32(00000000), ref: 00174303
GlobalUnlock.KERNEL32(00000000,00000000,?), ref: 00174337
CloseClipboard.USER32 ref: 00174447

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
String ID:
API String ID: 3222323430-0
Opcode ID: dbe186bcb53a3ac2ff713f490e8e787cec5faad4da38b5dbae9bc06b0df2ce1b
Instruction ID: 64fd29474323a0c14fa37f7ebe1feaa3ea96f7746d2779d7f60350296eef6c53
Opcode Fuzzy Hash: dbe186bcb53a3ac2ff713f490e8e787cec5faad4da38b5dbae9bc06b0df2ce1b
Instruction Fuzzy Hash: 2151A131204301ABD301AF64EC86F6E77B8AF94B00F10852DF59AD31E2DB70DA458B62

Uniqueness

Uniqueness Score: -1.00%

Function 0016C9C7 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 0016C9F8
FindClose.KERNEL32(00000000), ref: 0016CA4C
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0016CA71
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0016CA88
FileTimeToSystemTime.KERNEL32(?,?), ref: 0016CAAF
__swprintf.LIBCMT ref: 0016CAFB
__swprintf.LIBCMT ref: 0016CB3E

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

__swprintf.LIBCMT ref: 0016CB92

Part of subcall function 001238D8: __woutput_l.LIBCMT ref: 00123931

__swprintf.LIBCMT ref: 0016CBE0

Part of subcall function 001238D8: __flsbuf.LIBCMT ref: 00123953
Part of subcall function 001238D8: __flsbuf.LIBCMT ref: 0012396B

__swprintf.LIBCMT ref: 0016CC2F
__swprintf.LIBCMT ref: 0016CC7E
__swprintf.LIBCMT ref: 0016CCCD

Strings

%4d, xrefs: 0016CB38
%4d%02d%02d%02d%02d%02d, xrefs: 0016CAF5
%02d, xrefs: 0016CB86, 0016CB90, 0016CBDE, 0016CC2D, 0016CC7C, 0016CCCB

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
API String ID: 3953360268-2428617273
Opcode ID: f41ad713cf27b6874b785448c9e603e6681c30187b7199622e285ced092ecd5b
Instruction ID: e975cefc8eae8f3ac2dd50b171a62d9b0d040895a0de14f4096ac68b39a3d8d1
Opcode Fuzzy Hash: f41ad713cf27b6874b785448c9e603e6681c30187b7199622e285ced092ecd5b
Instruction Fuzzy Hash: FFA12DB1508305ABC710EBA4CC95DAFB7ECFFA8700F404919B595C7192EB74DA49CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0016F200 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 119fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 0016F221
_wcscmp.LIBCMT ref: 0016F236
_wcscmp.LIBCMT ref: 0016F24D
GetFileAttributesW.KERNEL32(?), ref: 0016F25F
SetFileAttributesW.KERNEL32(?,?), ref: 0016F279
FindNextFileW.KERNEL32(00000000,?), ref: 0016F291
FindClose.KERNEL32(00000000), ref: 0016F29C
FindFirstFileW.KERNEL32(*.*,?), ref: 0016F2B8
_wcscmp.LIBCMT ref: 0016F2DF
_wcscmp.LIBCMT ref: 0016F2F6
SetCurrentDirectoryW.KERNEL32(?), ref: 0016F308
SetCurrentDirectoryW.KERNEL32(001BA5A0), ref: 0016F326
FindNextFileW.KERNEL32(00000000,00000010), ref: 0016F330
FindClose.KERNEL32(00000000), ref: 0016F33D
FindClose.KERNEL32(00000000), ref: 0016F34F

Strings

*.*, xrefs: 0016F2B3

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1803514871-438819550
Opcode ID: 82f3ae63cfa0853e0a15413687b756b287ee0e8c5fada2298307e029fb62f1f0
Instruction ID: 6cb3dda0ce8238097b4a6f27d7fc5e23292fc9559d0523466bd4aefe139b768a
Opcode Fuzzy Hash: 82f3ae63cfa0853e0a15413687b756b287ee0e8c5fada2298307e029fb62f1f0
Instruction Fuzzy Hash: 4831A07A5012196ADF20DFB4EC59ADE73ACAF49360F50417DE814D31A0EB34DBA6CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00180AE2 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00180BDE
RegCreateKeyExW.ADVAPI32(?,?,00000000,0018F910,00000000,?,00000000,?,?), ref: 00180C4C
RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00180C94
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00180D1D
RegCloseKey.ADVAPI32(?), ref: 0018103D
RegCloseKey.ADVAPI32(00000000), ref: 0018104A

Strings

REG_BINARY, xrefs: 00180FD8
REG_DWORD, xrefs: 00180F0E
REG_EXPAND_SZ, xrefs: 00180CBA
REG_SZ, xrefs: 00180D5B
REG_MULTI_SZ, xrefs: 00180E05
REG_QWORD, xrefs: 00180F8B

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Close$ConnectCreateRegistryValue
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 536824911-966354055
Opcode ID: 6cfc3271e51b4be9509edf319913ae98e6bd482524abd14489eca791a823b5b6
Instruction ID: ecb7848ac8350b6702f6228b99141df7e6b8868d6a8c497fe64fa66e6d7753f7
Opcode Fuzzy Hash: 6cfc3271e51b4be9509edf319913ae98e6bd482524abd14489eca791a823b5b6
Instruction Fuzzy Hash: F00249752046119FCB14EF28C895E2AB7E5FF98714F04885DF89A9B3A2CB70ED45CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0016F35D Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 112fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 0016F37E
_wcscmp.LIBCMT ref: 0016F393
_wcscmp.LIBCMT ref: 0016F3AA

Part of subcall function 001645C1: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 001645DC

FindNextFileW.KERNEL32(00000000,?), ref: 0016F3D9
FindClose.KERNEL32(00000000), ref: 0016F3E4
FindFirstFileW.KERNEL32(*.*,?), ref: 0016F400
_wcscmp.LIBCMT ref: 0016F427
_wcscmp.LIBCMT ref: 0016F43E
SetCurrentDirectoryW.KERNEL32(?), ref: 0016F450
SetCurrentDirectoryW.KERNEL32(001BA5A0), ref: 0016F46E
FindNextFileW.KERNEL32(00000000,00000010), ref: 0016F478
FindClose.KERNEL32(00000000), ref: 0016F485
FindClose.KERNEL32(00000000), ref: 0016F497

Strings

*.*, xrefs: 0016F3FB

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 1824444939-438819550
Opcode ID: f707550363e0a8bf3e898ed72e9d83749f1f5aa7ab6ed7fd20fc4b3ab0b13f07
Instruction ID: d455fd2a3cc3bd81d64d8126130000ae42933a0ef71a1545c1b095ec0dc03060
Opcode Fuzzy Hash: f707550363e0a8bf3e898ed72e9d83749f1f5aa7ab6ed7fd20fc4b3ab0b13f07
Instruction Fuzzy Hash: 4B31B5725012196FCF10AF64FC88ADE77ADAF49360F100179E850E35A0DB34DBA6CB64

Uniqueness

Uniqueness Score: -1.00%

Function 001581F7 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0015874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00158766
Part of subcall function 0015874A: GetLastError.KERNEL32(?,0015822A,?,?,?), ref: 00158770
Part of subcall function 0015874A: GetProcessHeap.KERNEL32(00000008,?,?,0015822A,?,?,?), ref: 0015877F
Part of subcall function 0015874A: HeapAlloc.KERNEL32(00000000,?,0015822A,?,?,?), ref: 00158786
Part of subcall function 0015874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0015879D

Part of subcall function 001587E7: GetProcessHeap.KERNEL32(00000008,00158240,00000000,00000000,?,00158240,?), ref: 001587F3
Part of subcall function 001587E7: HeapAlloc.KERNEL32(00000000,?,00158240,?), ref: 001587FA
Part of subcall function 001587E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00158240,?), ref: 0015880B

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0015825B
_memset.LIBCMT ref: 00158270
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0015828F
GetLengthSid.ADVAPI32(?), ref: 001582A0
GetAce.ADVAPI32(?,00000000,?), ref: 001582DD
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 001582F9
GetLengthSid.ADVAPI32(?), ref: 00158316
GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00158325
HeapAlloc.KERNEL32(00000000), ref: 0015832C
GetLengthSid.ADVAPI32(?,00000008,?), ref: 0015834D
CopySid.ADVAPI32(00000000), ref: 00158354
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00158385
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 001583AB
SetUserObjectSecurity.USER32(?,00000004,?), ref: 001583BF

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
String ID:
API String ID: 3996160137-0
Opcode ID: 1a9e7b3be47069ea09c487bf5f2a8ee2bbb7c7cad861e15d1f53ab04559557a1
Instruction ID: 5b2afff9ce57f0000742026b7db1a35b621d7766a1b12fa25d1ea2ea7f2de612
Opcode Fuzzy Hash: 1a9e7b3be47069ea09c487bf5f2a8ee2bbb7c7cad861e15d1f53ab04559557a1
Instruction Fuzzy Hash: 34615A71900209EFDF00DFA5DC84AEEBBB9FF04705F148169F825AB291DB319A59CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00116843 Relevance: 18.4, Strings: 14, Instructions: 883COMMON

Download Yara Rule

Strings

NO_START_OPT), xrefs: 00151588
CRLF), xrefs: 001516FA
UCP), xrefs: 00151546
CR), xrefs: 001516C0
LF), xrefs: 001516DD
UTF), xrefs: 00151533
LIMIT_RECURSION=, xrefs: 00151635
UTF16), xrefs: 00151508
BSR_ANYCRLF), xrefs: 00151757
ANY), xrefs: 00151717
LIMIT_MATCH=, xrefs: 001515A9
ANYCRLF), xrefs: 00151734
BSR_UNICODE), xrefs: 00151771
NO_AUTO_POSSESS), xrefs: 00151567

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)
API String ID: 0-4052911093
Opcode ID: c9e1520af151fb8073125cf0d34282ff80e86112052b4c049373311d6416f168
Instruction ID: 1c8a097a59aba6abf5670924b6741a7c2a1e8a94996d62df81e6d1e57c91bf9e
Opcode Fuzzy Hash: c9e1520af151fb8073125cf0d34282ff80e86112052b4c049373311d6416f168
Instruction Fuzzy Hash: 2D727D75E00219DBDF29CF58D8807EEB7B5FF48310F15816AE859AB280E7719E85CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00180665 Relevance: 16.9, APIs: 11, Instructions: 397registryCOMMON

Download Yara Rule

APIs

Part of subcall function 001810A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00180038,?,?), ref: 001810BC

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00180737

Part of subcall function 00109997: __itow.LIBCMT ref: 001099C2
Part of subcall function 00109997: __swprintf.LIBCMT ref: 00109A0C

RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 001807D6
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 0018086E
RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00180AAD
RegCloseKey.ADVAPI32(00000000), ref: 00180ABA

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
String ID:
API String ID: 1240663315-0
Opcode ID: a46ed46faea3625c49748d7ab83c1b47556fd9847bbf14e02888ea6a88f83ceb
Instruction ID: b88d8ba150c6adf10825ebfd6b7199c02fab30036e45e6d4ee5aecababc348f2
Opcode Fuzzy Hash: a46ed46faea3625c49748d7ab83c1b47556fd9847bbf14e02888ea6a88f83ceb
Instruction Fuzzy Hash: CBE16E31204314AFCB15EF28C891E2ABBE5EF89714B04856DF499DB2A2DB30EE45CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00160219 Relevance: 16.6, APIs: 11, Instructions: 120keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00160241
GetAsyncKeyState.USER32(000000A0), ref: 001602C2
GetKeyState.USER32(000000A0), ref: 001602DD
GetAsyncKeyState.USER32(000000A1), ref: 001602F7
GetKeyState.USER32(000000A1), ref: 0016030C
GetAsyncKeyState.USER32(00000011), ref: 00160324
GetKeyState.USER32(00000011), ref: 00160336
GetAsyncKeyState.USER32(00000012), ref: 0016034E
GetKeyState.USER32(00000012), ref: 00160360
GetAsyncKeyState.USER32(0000005B), ref: 00160378
GetKeyState.USER32(0000005B), ref: 0016038A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 5acd5c3f622ff307514593112bda84360e76abe263dcf4b7804209b321b1d00f
Instruction ID: e83416acfde201735f700742a8395d2b0faecc16291cde0e10d8bcdf105043a8
Opcode Fuzzy Hash: 5acd5c3f622ff307514593112bda84360e76abe263dcf4b7804209b321b1d00f
Instruction Fuzzy Hash: D34189349047C96EFF329A648C183B7BEA0BF19345F08809DD9C6466C2E7945DE887A2

Uniqueness

Uniqueness Score: -1.00%

Function 00174458 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 0017447F
EmptyClipboard.USER32 ref: 00174485
GlobalAlloc.KERNEL32(00000002,?), ref: 0017449A
CloseClipboard.USER32 ref: 00174539

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: 548750bd219c7a5c85e7831000a2b58077e26dfa4ad40365976d0543f203819c
Instruction ID: 60ea9fe1e600031ae5d91e266f39589f6fb47220d8a4d99d30f5229d1fa0a104
Opcode Fuzzy Hash: 548750bd219c7a5c85e7831000a2b58077e26dfa4ad40365976d0543f203819c
Instruction Fuzzy Hash: 2A217F357002209FDB10AF64EC09B6D7BA8EF14715F20806AF94ADB6A2DB74ED41CB94

Uniqueness

Uniqueness Score: -1.00%

Function 00163A2B Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON

Download Yara Rule

APIs

Part of subcall function 001048AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001048A1,?,?,001037C0,?), ref: 001048CE

Part of subcall function 00164CD3: GetFileAttributesW.KERNEL32(?,00163947), ref: 00164CD4

FindFirstFileW.KERNEL32(?,?), ref: 00163ADF
DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 00163B87
MoveFileW.KERNEL32(?,?), ref: 00163B9A
DeleteFileW.KERNEL32(?,?,?,?,?), ref: 00163BB7
FindNextFileW.KERNEL32(00000000,00000010), ref: 00163BD9
FindClose.KERNEL32(00000000,?,?,?,?), ref: 00163BF5

Strings

\*.*, xrefs: 00163A8A, 00163A93, 00163AA8

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 4002782344-1173974218
Opcode ID: 604ac2e13f72fbad493719b6c09992ef8d49f5cf9716f66b825a535e5e24f639
Instruction ID: 5fb92a8cd024e9d97d3032704280881c62579f9b639668da4bf5b8f454fa5766
Opcode Fuzzy Hash: 604ac2e13f72fbad493719b6c09992ef8d49f5cf9716f66b825a535e5e24f639
Instruction Fuzzy Hash: 73519F3180114D9BCF15EBA0CE929EEB7B9AF24300F6441A9E492770D1EF716F19CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0016F65E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 0016F6AB
Sleep.KERNEL32(0000000A), ref: 0016F6DB
_wcscmp.LIBCMT ref: 0016F6EF
_wcscmp.LIBCMT ref: 0016F70A
FindNextFileW.KERNEL32(?,?), ref: 0016F7A8
FindClose.KERNEL32(00000000), ref: 0016F7BE

Strings

*.*, xrefs: 0016F690

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
String ID: *.*
API String ID: 713712311-438819550
Opcode ID: cbe2e01856c38f595cb309bf241e9e941529a65deefe103f4756f2ec3a6bd714
Instruction ID: ed51f93d1d4cf29abb55bbce9f51e7e87018919a529a54f1dd99b71691c44bb0
Opcode Fuzzy Hash: cbe2e01856c38f595cb309bf241e9e941529a65deefe103f4756f2ec3a6bd714
Instruction Fuzzy Hash: 15417F7190121E9FCF15DF64DC85AEEBBB4FF15310F14456AE815A31A0DB309E95CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00114140 Relevance: 11.6, APIs: 1, Strings: 5, Instructions: 1132COMMON

Download Yara Rule

Strings

ERCP, xrefs: 0011421F
VUUU, xrefs: 00114520
VUUU, xrefs: 001144ED
VUUU, xrefs: 001144DB
VUUU, xrefs: 00147B0C

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID: ERCP$VUUU$VUUU$VUUU$VUUU
API String ID: 0-1546025612
Opcode ID: 8c48bf49f7bcf4fc940a93485d459285c404afc5bb950fbc3cce165e804038a9
Instruction ID: d045ccd4505328b347132d3fb9602175501ba50fbdd8634a8aa5f93e56453d98
Opcode Fuzzy Hash: 8c48bf49f7bcf4fc940a93485d459285c404afc5bb950fbc3cce165e804038a9
Instruction Fuzzy Hash: 8BA27D74E0421ACBDF28CF58C9907EDB7B1BF54714F2581AAE85AA7290E7309EC5CB50

Uniqueness

Uniqueness Score: -1.00%

Function 001158C0 Relevance: 11.0, APIs: 7, Instructions: 532COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00115A05
_memmove.LIBCMT ref: 00115A55
_memmove.LIBCMT ref: 00115ABB

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: ed5bad479062d8621c4100e1fc467171faf5afbff31f5c75bb0d3e2f679611cc
Instruction ID: f32a310d4abae6d28f564217d633e52c5cb98dd1d307c5026f86a66554dc4ade
Opcode Fuzzy Hash: ed5bad479062d8621c4100e1fc467171faf5afbff31f5c75bb0d3e2f679611cc
Instruction Fuzzy Hash: 8212BC70A00609EFDF08DFA4D981AEEB7F6FF58300F104229E856A7291EB35AD55CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0016545F Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00158CC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00158D0D
Part of subcall function 00158CC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00158D3A
Part of subcall function 00158CC3: GetLastError.KERNEL32 ref: 00158D47

ExitWindowsEx.USER32(?,00000000), ref: 0016549B

Strings

SeShutdownPrivilege, xrefs: 0016546B
, xrefs: 00165489
@, xrefs: 0016548E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $@$SeShutdownPrivilege
API String ID: 2234035333-194228
Opcode ID: 816f955922ced9a5e18b24a83d0894eff672a33fd1f04a095940a1404f157a5d
Instruction ID: eca9af3608324afbad15e6fa7f4bef564d289f979c94069dbc2f3f7796258bef
Opcode Fuzzy Hash: 816f955922ced9a5e18b24a83d0894eff672a33fd1f04a095940a1404f157a5d
Instruction Fuzzy Hash: 7E014731654A016AE72C6374EC4ABBA729AEB04343F2401A4FC56E60D2FF504CA082A0

Uniqueness

Uniqueness Score: -1.00%

Function 00176596 Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 001765EF
WSAGetLastError.WSOCK32(00000000), ref: 001765FE
bind.WSOCK32(00000000,?,00000010), ref: 0017661A
listen.WSOCK32(00000000,00000005), ref: 00176629
WSAGetLastError.WSOCK32(00000000), ref: 00176643
closesocket.WSOCK32(00000000,00000000), ref: 00176657

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ErrorLast$bindclosesocketlistensocket
String ID:
API String ID: 1279440585-0
Opcode ID: dd43604414cfbb5526881a9fab788900bcc1ecfee97cf20069779648a9ebc681
Instruction ID: fdebc3dedb5dd75bb8558132ee41da9c58b5746d3bf5c59f4e898bd13067b7fc
Opcode Fuzzy Hash: dd43604414cfbb5526881a9fab788900bcc1ecfee97cf20069779648a9ebc681
Instruction Fuzzy Hash: A121B1306006109FDB10EF64C849B6EB7B9EF45320F248159F95AE73D2CB70AE41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00115680 Relevance: 8.0, APIs: 5, Instructions: 516COMMON

Download Yara Rule

APIs

Part of subcall function 00120FF6: std::exception::exception.LIBCMT ref: 0012102C
Part of subcall function 00120FF6: __CxxThrowException@8.LIBCMT ref: 00121041

_memmove.LIBCMT ref: 0015062F
_memmove.LIBCMT ref: 00150744
_memmove.LIBCMT ref: 001507EB

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memmove$Exception@8Throwstd::exception::exception
String ID:
API String ID: 1300846289-0
Opcode ID: 621e11093593173705fef7cf09fb491cc9a54ef609e91f88202445de749e174e
Instruction ID: 784994d5a84f28a8571e52f7c99c019e79a0ae4b4ca52db3562223538978f2bf
Opcode Fuzzy Hash: 621e11093593173705fef7cf09fb491cc9a54ef609e91f88202445de749e174e
Instruction Fuzzy Hash: 3302BE70E00209DFCF09DF64D991AAEBBB5EF98300F158069E846DB295EB31DA54CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00101287 Relevance: 7.9, APIs: 5, Instructions: 379COMMON

Download Yara Rule

APIs

Part of subcall function 00102612: GetWindowLongW.USER32(?,000000EB), ref: 00102623

DefDlgProcW.USER32(?,?,?,?,?), ref: 001019FA
GetSysColor.USER32(0000000F), ref: 00101A4E
SetBkColor.GDI32(?,00000000), ref: 00101A61

Part of subcall function 00101290: DefDlgProcW.USER32(?,00000020,?), ref: 001012D8

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ColorProc$LongWindow
String ID:
API String ID: 3744519093-0
Opcode ID: 8b2d26bf89d712f0f09f3a903bf8c7b80319406335c446a940b339b5fc2006a9
Instruction ID: 1432ea44cb4925a9af7f447b11111978154d6989a48fcd1351c438ad53e8a240
Opcode Fuzzy Hash: 8b2d26bf89d712f0f09f3a903bf8c7b80319406335c446a940b339b5fc2006a9
Instruction Fuzzy Hash: F1A17870209584FAE63DABA88C88EBF399DDB41345F25010AF582D71D2DFACCE4193B1

Uniqueness

Uniqueness Score: -1.00%

Function 00176A5A Relevance: 7.6, APIs: 5, Instructions: 141networkCOMMON

Download Yara Rule

APIs

Part of subcall function 001780A0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 001780CB

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00176AB1
WSAGetLastError.WSOCK32(00000000), ref: 00176ADA
bind.WSOCK32(00000000,?,00000010), ref: 00176B13
WSAGetLastError.WSOCK32(00000000), ref: 00176B20
closesocket.WSOCK32(00000000,00000000), ref: 00176B34

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ErrorLast$bindclosesocketinet_addrsocket
String ID:
API String ID: 99427753-0
Opcode ID: cf13d62be2841cf1cb63984554277d605d9746a2a216ea022976552075b8512c
Instruction ID: 1f8fa480d170cc78d4314918a830fe919474765f4cf1ec744be62cd8a89b2820
Opcode Fuzzy Hash: cf13d62be2841cf1cb63984554277d605d9746a2a216ea022976552075b8512c
Instruction Fuzzy Hash: 6C41D675700610AFEB10AF68DC96F6E77A8DB54720F44805CF99AAB3C3DBB09D018791

Uniqueness

Uniqueness Score: -1.00%

Function 001855FD Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 0018564C
IsWindowEnabled.USER32 ref: 0018565A
GetForegroundWindow.USER32(?,?,00000001), ref: 00185667
IsIconic.USER32 ref: 00185675
IsZoomed.USER32 ref: 00185683

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 37f9344b0ddb337f6f190c0af2208e376d99e060eb4eb553da213f4193462bca
Instruction ID: 6896ccf6bf928ca37c137550b8288ffba14fd9c1a2770cd3abbde49a36f5bc82
Opcode Fuzzy Hash: 37f9344b0ddb337f6f190c0af2208e376d99e060eb4eb553da213f4193462bca
Instruction Fuzzy Hash: F711C471300911AFE7212F26DC44B6F7B9AEF54761B914039F846D7241EB709B428FA4

Uniqueness

Uniqueness Score: -1.00%

Function 0016C602 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 279comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0016C69D
CoCreateInstance.OLE32(00192D6C,00000000,00000001,00192BDC,?), ref: 0016C6B5

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

CoUninitialize.OLE32 ref: 0016C922

Strings

.lnk, xrefs: 0016C631, 0016C659, 0016C663

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_memmove
String ID: .lnk
API String ID: 2683427295-24824748
Opcode ID: 5ce42500c6dbbd851b58126a104f9a1acc3ea7f475851aefc5838fa445bf9d39
Instruction ID: 88c5d3659e85fb92df6dcfb556db94b28a178cf25a1777835d98d37788bcb21b
Opcode Fuzzy Hash: 5ce42500c6dbbd851b58126a104f9a1acc3ea7f475851aefc5838fa445bf9d39
Instruction Fuzzy Hash: B9A11C71204205AFD700EF54C891EABB7ECEF98704F00495DF1969B1D2DBB1EA49CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0017C304 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00141D88,?), ref: 0017C312
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0017C324

Strings

GetSystemWow64DirectoryW, xrefs: 0017C31E
kernel32.dll, xrefs: 0017C30D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetSystemWow64DirectoryW$kernel32.dll
API String ID: 2574300362-1816364905
Opcode ID: 6c42bb8c52ef91d4c1fe7e1cbf32702961453dda456074d723ff3fe9e5811311
Instruction ID: 3566e3611cbe9897078fc109b7ebb200499d3634a0a0da72730dccee940b8008
Opcode Fuzzy Hash: 6c42bb8c52ef91d4c1fe7e1cbf32702961453dda456074d723ff3fe9e5811311
Instruction Fuzzy Hash: BDE01275604713CFDB205F25D848A9676F4FF08755F80C43DE899D2650E770D882CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00113190 Relevance: 6.6, APIs: 4, Instructions: 587COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __itow__swprintf
String ID:
API String ID: 674341424-0
Opcode ID: 2372b8452239a6768d724dc71299a2ba5a600df6730babe16e95334ecdc2fa56
Instruction ID: a822e23fc06cbf7cae912a53b6498875ba5631557a38e15bcdf61ba72cb52fc0
Opcode Fuzzy Hash: 2372b8452239a6768d724dc71299a2ba5a600df6730babe16e95334ecdc2fa56
Instruction Fuzzy Hash: CF22AE716083019FC728DF24C891BAFB7E5BF94714F10492DF8A697292DB70EA44CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0017F121 Relevance: 6.2, APIs: 4, Instructions: 164processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0017F151
Process32FirstW.KERNEL32(00000000,?), ref: 0017F15F

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

Process32NextW.KERNEL32(00000000,?), ref: 0017F21F
CloseHandle.KERNEL32(00000000,?,?,?), ref: 0017F22E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
String ID:
API String ID: 2576544623-0
Opcode ID: 69f6d9f4de37b81c2be857e487b87d656022daf5ad02bc4e1ff201c77bb235e6
Instruction ID: 0f6d92e95d576c8d6cc795fbcf83a45b134ee8b1e7cb95674900c9f2efd9d18d
Opcode Fuzzy Hash: 69f6d9f4de37b81c2be857e487b87d656022daf5ad02bc4e1ff201c77bb235e6
Instruction Fuzzy Hash: 44516E71508311AFD310EF24DC85E6BB7E8FFA8710F50482DF49597292EBB0AA05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0015EB07 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 561stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 0015EB19

Strings

|, xrefs: 0015EB49
(, xrefs: 0015EB5F

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: 3c5d480d7dd3e9cc3bc4833dd1498e513a7517ec1d90b5e4464d39341b62a6ef
Instruction ID: 815910aa4a29597841e50c8d577cb34339bb6eddb7e22371c9dbb71465699270
Opcode Fuzzy Hash: 3c5d480d7dd3e9cc3bc4833dd1498e513a7517ec1d90b5e4464d39341b62a6ef
Instruction Fuzzy Hash: E1321575A00605DFDB28CF19D481A6AB7F1FF48311B15C56EE8AADB3A1EB70E941CB40

Uniqueness

Uniqueness Score: -1.00%

Function 001725E2 Relevance: 4.7, APIs: 3, Instructions: 164networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000), ref: 001726D5
InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 0017270C

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Internet$AvailableDataFileQueryRead
String ID:
API String ID: 599397726-0
Opcode ID: 963bf7e65f89a49422f27c85406d0388a4920cdf94b4a2e63a4dd661bf599450
Instruction ID: c7c9b21530408b50af6c241ed58b5612f2c51b87634794d4ab72b8dde397b618
Opcode Fuzzy Hash: 963bf7e65f89a49422f27c85406d0388a4920cdf94b4a2e63a4dd661bf599450
Instruction Fuzzy Hash: 7441F671A00209BFEB24DE94DD85EBBB7FCEB50714F10806EFA09A6140EB719E429754

Uniqueness

Uniqueness Score: -1.00%

Function 0016B59E Relevance: 4.6, APIs: 3, Instructions: 73COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 0016B5AE
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0016B608
SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0016B655

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 79765a60e0b5a61b62906c736bb7d730ba2c26d8f1b51019f4625b457a2e7b72
Instruction ID: ca089a1d7a39acc15a6ffba8aa0be9e0adc7930a543b89cdd04b6ac3ecf69ac4
Opcode Fuzzy Hash: 79765a60e0b5a61b62906c736bb7d730ba2c26d8f1b51019f4625b457a2e7b72
Instruction Fuzzy Hash: 83216D35A00118EFCB00EFA5DCC4AAEBBB8FF59314F1480A9E845EB351DB31A956CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00158CC3 Relevance: 4.6, APIs: 3, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00120FF6: std::exception::exception.LIBCMT ref: 0012102C
Part of subcall function 00120FF6: __CxxThrowException@8.LIBCMT ref: 00121041

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00158D0D
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00158D3A
GetLastError.KERNEL32 ref: 00158D47

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
String ID:
API String ID: 1922334811-0
Opcode ID: 242d583064d592d7d62bebc92834a27a2224644c04e496563aeb79bfdbfbd0c3
Instruction ID: 89412e8112d412f9c0d9d8e8db779cde992229f0a44107d58fee52b16807b7f2
Opcode Fuzzy Hash: 242d583064d592d7d62bebc92834a27a2224644c04e496563aeb79bfdbfbd0c3
Instruction Fuzzy Hash: 9F11C1B1414208AFD728DF54EC85D6BB7FDFB14711B20852EF85697641EF30AC418B60

Uniqueness

Uniqueness Score: -1.00%

Function 00164021 Relevance: 4.6, APIs: 3, Instructions: 61fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 0016404B
DeviceIoControl.KERNEL32(00000000,002D1400,00000007,0000000C,?,0000000C,?,00000000), ref: 00164088
CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00164091

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 009f2cfdf98ed641cf39444a031ab35e7cd26432c7fed7fc93c9396aadcde529
Instruction ID: d7044ba8b778ffd207ffd30f20408d9a8e5853a96dab0386e353cbde759284a3
Opcode Fuzzy Hash: 009f2cfdf98ed641cf39444a031ab35e7cd26432c7fed7fc93c9396aadcde529
Instruction Fuzzy Hash: 4C1130B1904229BFE7109BE8DC48FABBBBCEB08750F10065ABE05E7191D2745A5587A1

Uniqueness

Uniqueness Score: -1.00%

Function 00164C03 Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00164C2C
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00164C43
FreeSid.ADVAPI32(?), ref: 00164C53

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: 3538ce1cb7eaf00cd7ac97dd31c9d8637d6671f6d60d101cd6052f3fae67fbaa
Instruction ID: b434ec89e94fed620804afcb66b5715ebec50ce87a38afa849c991ba1fa118fa
Opcode Fuzzy Hash: 3538ce1cb7eaf00cd7ac97dd31c9d8637d6671f6d60d101cd6052f3fae67fbaa
Instruction Fuzzy Hash: 0AF03775A11308BFDB04DFE09C89AAEBBB9EB08201F1044A9B901E2681E7746A548B50

Uniqueness

Uniqueness Score: -1.00%

Function 0010E060 Relevance: 3.5, APIs: 2, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd325f4c930977771f81370fb2d58001dc5cb5e54e469b9f00cd62a57c8d46c
Instruction ID: a675ef2faa6e39e65d1c17c301673b3044dfabd28792e2b13efd4a8a948a892b
Opcode Fuzzy Hash: 8cd325f4c930977771f81370fb2d58001dc5cb5e54e469b9f00cd62a57c8d46c
Instruction Fuzzy Hash: B522B274A00215DFDB28DF55C490ABEBBF0FF18300F148969E896AB391D7B4AD85CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0016C93C Relevance: 3.1, APIs: 2, Instructions: 52fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 0016C966
FindClose.KERNEL32(00000000), ref: 0016C996

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 6a308c8a5cc00329ade1bc12fbe794f6aa20a89987b903c89414ecf40b0858a1
Instruction ID: cbd088486448ff29759c7f834294952103348465a916f7ded92cb769cc376da4
Opcode Fuzzy Hash: 6a308c8a5cc00329ade1bc12fbe794f6aa20a89987b903c89414ecf40b0858a1
Instruction Fuzzy Hash: 7911C4326102109FD710EF29C845A2AF7E9FF94324F00855EF8A9DB291DB70AD01CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0016A2D5 Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,0017977D,?,0018FB84,?), ref: 0016A302
FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,0017977D,?,0018FB84,?), ref: 0016A314

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 7ab9b5d4fe6426168c0b2acf71cc29527481a32535da59343efad6219cd580d1
Instruction ID: d35239478c0aabdc0793e4ee74d336de886fe5062d61bd5a539a17931106fad0
Opcode Fuzzy Hash: 7ab9b5d4fe6426168c0b2acf71cc29527481a32535da59343efad6219cd580d1
Instruction Fuzzy Hash: 66F0823554422DBBDB109FA4CC48FEA776DBF19761F004169B918D6281DB709A50CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00158713 Relevance: 3.0, APIs: 2, Instructions: 22COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00158851), ref: 00158728
CloseHandle.KERNEL32(?,?,00158851), ref: 0015873A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 70093d1d2092b26ed932c6557950a863961f549eb7900689e7c400befb259783
Instruction ID: 24fbde802faec0bd515f60d6a64cac0848213c2a0b9613aabba9e30148b91304
Opcode Fuzzy Hash: 70093d1d2092b26ed932c6557950a863961f549eb7900689e7c400befb259783
Instruction Fuzzy Hash: 82E0B676010650EEE7252B60FC09D777BA9EB14351724882DB89680870DB62ACE1DB10

Uniqueness

Uniqueness Score: -1.00%

Function 0012A395 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00128F97,?,?,?,00000001), ref: 0012A39A
UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 0012A3A3

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 8462f7f80e84232a7a962602401aaef368c1ddf7f06ff2e53fa4a801c0eb4814
Instruction ID: 5c375ac92542d30bd9d7040cb99967757107f493819b812df98e5abe9b87d531
Opcode Fuzzy Hash: 8462f7f80e84232a7a962602401aaef368c1ddf7f06ff2e53fa4a801c0eb4814
Instruction Fuzzy Hash: 19B09231254308ABCA002B91EC09B883F68FB46AA2F404024FA0D84860CB625692CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0012F419 Relevance: 2.1, APIs: 1, Instructions: 645COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d06c082ed712828c2563031d709e696ea9765fc3d4958b124561a287ccd3f28
Instruction ID: 991545e8225c3cf41766e9e15719e39d5fdfa0497368020fc2c5026de16804c9
Opcode Fuzzy Hash: 8d06c082ed712828c2563031d709e696ea9765fc3d4958b124561a287ccd3f28
Instruction Fuzzy Hash: 04322426D29F114DD7239634E832336A258AFB73D4F15D73BE81AB5DA6EB28C4D34100

Uniqueness

Uniqueness Score: -1.00%

Function 0013267E Relevance: 1.8, APIs: 1, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b8a0bc7ff3a8c95fe2ea31173f52d52cf9a8f6099918b18a4338ed006fc207e
Instruction ID: 39b7d27ee6aaa18b12c6fbb816bebface8712bcf2775606b108527a1f7b3a4d5
Opcode Fuzzy Hash: 1b8a0bc7ff3a8c95fe2ea31173f52d52cf9a8f6099918b18a4338ed006fc207e
Instruction Fuzzy Hash: 64B1EF20D2AF414DD623A6398831336BA8CBFBB6C5F91D71BFC2670D22EB2185C34181

Uniqueness

Uniqueness Score: -1.00%

Function 00168B13 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 00168B25

Part of subcall function 0012543A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,001691F8,00000000,?,?,?,?,001693A9,00000000,?), ref: 00125443
Part of subcall function 0012543A: __aulldiv.LIBCMT ref: 00125463

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Time$FileSystem__aulldiv__time64
String ID:
API String ID: 2893107130-0
Opcode ID: 3b5caf50de9dde4a8fb7bd759de8d907135a81632fb6e56f18bc90f3b5f79fb0
Instruction ID: 5356957cc308d73b6002a99841e929babb12fc8de3fc9dc93c8b3a2c70325618
Opcode Fuzzy Hash: 3b5caf50de9dde4a8fb7bd759de8d907135a81632fb6e56f18bc90f3b5f79fb0
Instruction Fuzzy Hash: C021DF726296108BC329CF29D841A52B7E1EBA4321B288F6CD0E5CB2D0CB74B945CB94

Uniqueness

Uniqueness Score: -1.00%

Function 001741FD Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00174218

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 34d0d968dea750c87b8c805ab0f53f4688b10f409cc85d07a129784866a0e150
Instruction ID: 7fbde9a6d1596d9695d83a778f0c0fa618e41a1074fe0656bfd61babffe27a64
Opcode Fuzzy Hash: 34d0d968dea750c87b8c805ab0f53f4688b10f409cc85d07a129784866a0e150
Instruction Fuzzy Hash: 83E048352401149FD710EF59E444A5AF7E8AF64760F01C015FC49C7353DBB0E8418B91

Uniqueness

Uniqueness Score: -1.00%

Function 00164EC9 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00164EEC

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: mouse_event
String ID:
API String ID: 2434400541-0
Opcode ID: d33b91df6dfe5e01d665bf803a71a7db677e65f97fc045321b18178c4653d0b1
Instruction ID: eda634ed857af2bec8d751d9f62e4f513c6ef47087782d9946078722063ebf68
Opcode Fuzzy Hash: d33b91df6dfe5e01d665bf803a71a7db677e65f97fc045321b18178c4653d0b1
Instruction Fuzzy Hash: 59D05EA91606053BEC2C4B249C5FFB70108F301782FD0414AB142890C1DADA6C715030

Uniqueness

Uniqueness Score: -1.00%

Function 00158C93 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

LogonUserW.ADVAPI32(?,00000001,?,?,00000000,001588D1), ref: 00158CB3

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: LogonUser
String ID:
API String ID: 1244722697-0
Opcode ID: a1e58a88ccbc519e9ceffe8f966b44adbeec733b4ecea72131878dfac0a9ec08
Instruction ID: 2192d033213414aa5a1b77d4207b4f4e4203503554913ecb53791bb2d5e58468
Opcode Fuzzy Hash: a1e58a88ccbc519e9ceffe8f966b44adbeec733b4ecea72131878dfac0a9ec08
Instruction Fuzzy Hash: B4D05E3226050EAFEF018EA4DC05EAE3B6AEB04B01F408111FE15D50A1C775D935AB60

Uniqueness

Uniqueness Score: -1.00%

Function 00142230 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00142242

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: bbd1b55f7d623f95b155718de52a0c0d0993cf72efa44dda7103253160ab8171
Instruction ID: 535c4cdfd6c368206c4271dacfbb1fcc5541157d4d80fbcf7de57f3791ac001a
Opcode Fuzzy Hash: bbd1b55f7d623f95b155718de52a0c0d0993cf72efa44dda7103253160ab8171
Instruction Fuzzy Hash: 2EC04CF1800109DBDB05DB90D988DEE77BCAB04305F104055A101F2110D7749B848B71

Uniqueness

Uniqueness Score: -1.00%

Function 0012A364 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(?), ref: 0012A36A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 75fc97d606258015a81c51551b40afe92f46812d131321564a3dcbd4622d1720
Instruction ID: a16a92a218cf4eda105c75c4f789c5796a1a3c3598c7eea21cd57ce2aac89f52
Opcode Fuzzy Hash: 75fc97d606258015a81c51551b40afe92f46812d131321564a3dcbd4622d1720
Instruction Fuzzy Hash: 97A0123000010CA78A001B41EC044447F5CE7011907004020F80C80421873255518680

Uniqueness

Uniqueness Score: -1.00%

Function 00118A0E Relevance: .6, Instructions: 608COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1205fec95af4ee98db854c645c4b7bb5fb6bd3c4c17bbadf9fa22aa41533045b
Instruction ID: 4afe3adf4bd1b05b94a9d0ed0540f6fa0622857f703dfd07846aee58cb0931a0
Opcode Fuzzy Hash: 1205fec95af4ee98db854c645c4b7bb5fb6bd3c4c17bbadf9fa22aa41533045b
Instruction Fuzzy Hash: 85222430905656CBDF2C8B28C4A47FE77A2EB41315F69C47AD8628F691DB309DC5CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00122405 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
Instruction ID: bd0908b0e2c891335f9d58ddacae1d1939d9ebb28b6e3ae7dafb14636b108370
Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
Instruction Fuzzy Hash: 0DC173322051B319DB2DC639A53413EBAE15EA27B131A076DE8B3CB5D5EF20D578D720

Uniqueness

Uniqueness Score: -1.00%

Function 0012283A Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
Instruction ID: 5658cc668fc0baf7a86c1e0bfc956197678abbddd036a503f55e6d7f61f7b0eb
Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
Instruction Fuzzy Hash: 4BC185322051B31ADF2D8639A53413EBBE15BA27B131A076DE4B2DB5D4EF20D578D720

Uniqueness

Uniqueness Score: -1.00%

Function 00177B1B Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 491filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00177B70
DeleteObject.GDI32(00000000), ref: 00177B82
DestroyWindow.USER32 ref: 00177B90
GetDesktopWindow.USER32 ref: 00177BAA
GetWindowRect.USER32(00000000), ref: 00177BB1
SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00177CF2
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00177D02
CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00177D4A
GetClientRect.USER32(00000000,?), ref: 00177D56
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00177D90
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00177DB2
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00177DC5
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00177DD0
GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00177DD9
ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00177DE8
GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00177DF1
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00177DF8
GlobalFree.KERNEL32(00000000), ref: 00177E03
CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00177E15
OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00192CAC,00000000), ref: 00177E2B
GlobalFree.KERNEL32(00000000), ref: 00177E3B
CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00177E61
SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00177E80
SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00177EA2
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0017808F

Strings

static, xrefs: 00177D8A, 00177EE1
AutoIt v3, xrefs: 00177D42
DISPLAY, xrefs: 00177EF2
, xrefs: 00178015

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 5eddc23a96fbe03507be148bb54cff3445d6d074d1e4a44652f052e802819351
Instruction ID: 1b89ac2b44ea76b2dca58fd555dfdb937db25ff470e15d6b7b0360a244ea94b4
Opcode Fuzzy Hash: 5eddc23a96fbe03507be148bb54cff3445d6d074d1e4a44652f052e802819351
Instruction Fuzzy Hash: DC026C71900215EFDB14DFA4CD99EAEBBB9FF48310F148159F919AB2A1CB70AD41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 001837F3 Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,0018F910), ref: 001838AF
IsWindowVisible.USER32(?), ref: 001838D3

Strings

GETLINE, xrefs: 00183C23
GETCURRENTCOL, xrefs: 00183BB0
ISCHECKED, xrefs: 00183AC1
EDITPASTE, xrefs: 00183BE7
ISVISIBLE, xrefs: 001838BF
UNCHECK, xrefs: 00183B0B
ISENABLED, xrefs: 001838F3
FINDSTRING, xrefs: 001839FE
TABRIGHT, xrefs: 00183925
GETCURRENTSELECTION, xrefs: 00183A6B
DELSTRING, xrefs: 001839D1
CHECK, xrefs: 00183AF5
HIDEDROPDOWN, xrefs: 00183988
TABLEFT, xrefs: 0018390F
ADDSTRING, xrefs: 0018399E
CURRENTTAB, xrefs: 00183945
SETCURRENTSELECTION, xrefs: 00183A3E
GETCURRENTLINE, xrefs: 00183B75
SHOWDROPDOWN, xrefs: 00183968
SELECTSTRING, xrefs: 00183A8E
GETSELECTED, xrefs: 00183B2B
GETLINECOUNT, xrefs: 00183B4E
SENDCOMMANDID, xrefs: 00183C62

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: BuffCharUpperVisibleWindow
String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
API String ID: 4105515805-45149045
Opcode ID: de0e57807a0b61fc237185fb92cf65356f3f5e0872cd54043619b6455b5ba59a
Instruction ID: 914e5ba6bc9eb3c4ed5ca816f3970a4ceda8ad4e159f29f069536bab750e6b26
Opcode Fuzzy Hash: de0e57807a0b61fc237185fb92cf65356f3f5e0872cd54043619b6455b5ba59a
Instruction Fuzzy Hash: F8D19F30204215CFCB14FF50C591AAA77A1AFA8754F194558F8A66B6E3CB71EF0ACF81

Uniqueness

Uniqueness Score: -1.00%

Function 0018A849 Relevance: 49.8, APIs: 33, Instructions: 274COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 0018A89F
GetSysColorBrush.USER32(0000000F), ref: 0018A8D0
GetSysColor.USER32(0000000F), ref: 0018A8DC
SetBkColor.GDI32(?,000000FF), ref: 0018A8F6
SelectObject.GDI32(?,?), ref: 0018A905
InflateRect.USER32(?,000000FF,000000FF), ref: 0018A930
GetSysColor.USER32(00000010), ref: 0018A938
CreateSolidBrush.GDI32(00000000), ref: 0018A93F
FrameRect.USER32(?,?,00000000), ref: 0018A94E
DeleteObject.GDI32(00000000), ref: 0018A955
InflateRect.USER32(?,000000FE,000000FE), ref: 0018A9A0
FillRect.USER32(?,?,?), ref: 0018A9D2
GetWindowLongW.USER32(?,000000F0), ref: 0018A9FD

Part of subcall function 0018AB60: GetSysColor.USER32(00000012), ref: 0018AB99
Part of subcall function 0018AB60: SetTextColor.GDI32(?,?), ref: 0018AB9D
Part of subcall function 0018AB60: GetSysColorBrush.USER32(0000000F), ref: 0018ABB3
Part of subcall function 0018AB60: GetSysColor.USER32(0000000F), ref: 0018ABBE
Part of subcall function 0018AB60: GetSysColor.USER32(00000011), ref: 0018ABDB
Part of subcall function 0018AB60: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0018ABE9
Part of subcall function 0018AB60: SelectObject.GDI32(?,00000000), ref: 0018ABFA
Part of subcall function 0018AB60: SetBkColor.GDI32(?,00000000), ref: 0018AC03
Part of subcall function 0018AB60: SelectObject.GDI32(?,?), ref: 0018AC10
Part of subcall function 0018AB60: InflateRect.USER32(?,000000FF,000000FF), ref: 0018AC2F
Part of subcall function 0018AB60: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0018AC46
Part of subcall function 0018AB60: GetWindowLongW.USER32(00000000,000000F0), ref: 0018AC5B

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: e5c2b172f4316209687508b8e07a72bf44dcdc0c423731994354e4d0caf10c36
Instruction ID: f4e5a97df9bfbb67b8618bfc8c0811a7bb3c7e1f422de7868c0fef3f1c5b4828
Opcode Fuzzy Hash: e5c2b172f4316209687508b8e07a72bf44dcdc0c423731994354e4d0caf10c36
Instruction Fuzzy Hash: ECA1AF72408301AFD710AF64DC08A5B7BA9FF89321F504A2EF962D65A0D774DA86CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00102C18 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 486windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?), ref: 00102CA2
DeleteObject.GDI32(00000000), ref: 00102CE8
DeleteObject.GDI32(00000000), ref: 00102CF3
DestroyIcon.USER32(00000000,?,?,?), ref: 00102CFE
DestroyWindow.USER32(00000000,?,?,?), ref: 00102D09
SendMessageW.USER32(?,00001308,?,00000000), ref: 0013C68B
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 0013C6C4
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0013CAED

Part of subcall function 00101B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00102036,?,00000000,?,?,?,?,001016CB,00000000,?), ref: 00101B9A

SendMessageW.USER32(?,00001053), ref: 0013CB2A
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0013CB41
ImageList_Destroy.COMCTL32(00000000,?,?), ref: 0013CB57
ImageList_Destroy.COMCTL32(00000000,?,?), ref: 0013CB62

Strings

0, xrefs: 0013C981

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
String ID: 0
API String ID: 464785882-4108050209
Opcode ID: dc70827371e7a34658989a97bd1181f864ef130f083dda5163e9701aedd1e3a8
Instruction ID: 7775f7ab834ab5a0db4d552b4f2f8577835551bf887b466ffb96e87e68d771b2
Opcode Fuzzy Hash: dc70827371e7a34658989a97bd1181f864ef130f083dda5163e9701aedd1e3a8
Instruction Fuzzy Hash: E212BE30600201EFDB24CF24C988BA9BBE5FF45314F544569F899EB6A2C771ED92CB91

Uniqueness

Uniqueness Score: -1.00%

Function 001777BE Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 001777F1
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 001778B0
SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 001778EE
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00177900
CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00177946
GetClientRect.USER32(00000000,?), ref: 00177952
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00177996
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 001779A5
GetStockObject.GDI32(00000011), ref: 001779B5
SelectObject.GDI32(00000000,00000000), ref: 001779B9
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 001779C9
GetDeviceCaps.GDI32(00000000,0000005A), ref: 001779D2
DeleteDC.GDI32(00000000), ref: 001779DB
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00177A07
SendMessageW.USER32(00000030,00000000,00000001), ref: 00177A1E
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00177A59
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00177A6D
SendMessageW.USER32(00000404,00000001,00000000), ref: 00177A7E
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 00177AAE
GetStockObject.GDI32(00000011), ref: 00177AB9
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00177AC4
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00177ACE

Strings

static, xrefs: 00177990, 00177AA8
msctls_progress32, xrefs: 00177A4F
AutoIt v3, xrefs: 0017793E
DISPLAY, xrefs: 0017799B

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 8bb2794dff2fe8bc98d12970e65d73ae8ca876f563ee5a549495bfe68a0236cf
Instruction ID: 8730764a0bea093b903f801b88fadd3afab93e54586aaffc1a52d7181dbd2078
Opcode Fuzzy Hash: 8bb2794dff2fe8bc98d12970e65d73ae8ca876f563ee5a549495bfe68a0236cf
Instruction Fuzzy Hash: 09A17071A40205BFEB14DBA4DC4AFAE7BB9EF48714F108118FA15A76E0D7B0AD41CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0016AF7B Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 186COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 0016AF89
GetDriveTypeW.KERNEL32(?,0018FAC0,?,\\.\,0018F910), ref: 0016B066
SetErrorMode.KERNEL32(00000000,0018FAC0,?,\\.\,0018F910), ref: 0016B1C4

Strings

\\.\, xrefs: 0016AFDB
iSCSI, xrefs: 0016B169
USB, xrefs: 0016B15B
Fibre, xrefs: 0016B154
Virtual, xrefs: 0016B18C
ATAPI, xrefs: 0016B138
SSA, xrefs: 0016B14D
ATA, xrefs: 0016B13F
FileBackedVirtual, xrefs: 0016B193
MMC, xrefs: 0016B185
Unknown, xrefs: 0016B086, 0016B12A
Fixed, xrefs: 0016B0AE
SSD, xrefs: 0016B0F1
Network, xrefs: 0016B0A4
SAS, xrefs: 0016B170
RAMDisk, xrefs: 0016B090
RAID, xrefs: 0016B162
SCSI, xrefs: 0016B131
PhysicalDrive, xrefs: 0016B012
Removable, xrefs: 0016B0B8
CDROM, xrefs: 0016B09A
1394, xrefs: 0016B146
SATA, xrefs: 0016B177

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 2f7484bba091050faabd005664895afe42a60f976fac3554ad08ed9df55ad4fe
Instruction ID: 82bb93672582c4d9e41f90a36f6652013b3c3f510e8a8d8bc00c9232fb5d3452
Opcode Fuzzy Hash: 2f7484bba091050faabd005664895afe42a60f976fac3554ad08ed9df55ad4fe
Instruction Fuzzy Hash: AD51A130A8C305BBCB18EB10DDE29BD77B1AF263417614055F40AE72D1DB76ADA2DB42

Uniqueness

Uniqueness Score: -1.00%

Function 00106A3C Relevance: 44.0, APIs: 12, Strings: 13, Instructions: 275COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 00106A91
__wcsnicmp.LIBCMT ref: 00106AA9
__wcsnicmp.LIBCMT ref: 00106AC1
__wcsnicmp.LIBCMT ref: 00106AD9
__wcsnicmp.LIBCMT ref: 00106AF1
__wcsnicmp.LIBCMT ref: 00106B09
__wcsnicmp.LIBCMT ref: 00106B21
__wcsnicmp.LIBCMT ref: 00106B35
__wcsnicmp.LIBCMT ref: 00106B76
__wcsnicmp.LIBCMT ref: 00106B8A
__wcsnicmp.LIBCMT ref: 00106B9E
__wcsnicmp.LIBCMT ref: 00106BB2

Strings

#OnAutoItStartRegister, xrefs: 00106AD3
Cannot parse #include, xrefs: 0013E819
#ce, xrefs: 00106BAC
#include, xrefs: 00106B03
#notrayicon, xrefs: 00106AA3
#comments-start, xrefs: 00106B1B, 00106B70
Bad directive syntax error, xrefs: 0013E743
Unterminated group of comments, xrefs: 0013E82C
#comments-end, xrefs: 00106B98
#cs, xrefs: 00106B2F, 00106B84
#include-once, xrefs: 00106AEB
#pragma compile, xrefs: 00106A8B
#requireadmin, xrefs: 00106ABB

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __wcsnicmp
String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 1038674560-86951937
Opcode ID: ef4a895f2e99abae1e3d3d891889972bdcf6cbb985c9387a9989490dcbb07e14
Instruction ID: feaa10ee787ec59ae7ec48ea4754b9b23ceb970924a49c59b6331772fa72f82a
Opcode Fuzzy Hash: ef4a895f2e99abae1e3d3d891889972bdcf6cbb985c9387a9989490dcbb07e14
Instruction Fuzzy Hash: 1281E8B0740315BBCB24BB60DD82FAF7798AF25700F044025F985AB1C2EBB4EA65C691

Uniqueness

Uniqueness Score: -1.00%

Function 0018AB60 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 0018AB99
SetTextColor.GDI32(?,?), ref: 0018AB9D
GetSysColorBrush.USER32(0000000F), ref: 0018ABB3
GetSysColor.USER32(0000000F), ref: 0018ABBE
CreateSolidBrush.GDI32(?), ref: 0018ABC3
GetSysColor.USER32(00000011), ref: 0018ABDB
CreatePen.GDI32(00000000,00000001,00743C00), ref: 0018ABE9
SelectObject.GDI32(?,00000000), ref: 0018ABFA
SetBkColor.GDI32(?,00000000), ref: 0018AC03
SelectObject.GDI32(?,?), ref: 0018AC10
InflateRect.USER32(?,000000FF,000000FF), ref: 0018AC2F
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0018AC46
GetWindowLongW.USER32(00000000,000000F0), ref: 0018AC5B
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0018ACA7
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0018ACCE
InflateRect.USER32(?,000000FD,000000FD), ref: 0018ACEC
DrawFocusRect.USER32(?,?), ref: 0018ACF7
GetSysColor.USER32(00000011), ref: 0018AD05
SetTextColor.GDI32(?,00000000), ref: 0018AD0D
DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0018AD21
SelectObject.GDI32(?,0018A869), ref: 0018AD38
DeleteObject.GDI32(?), ref: 0018AD43
SelectObject.GDI32(?,?), ref: 0018AD49
DeleteObject.GDI32(?), ref: 0018AD4E
SetTextColor.GDI32(?,?), ref: 0018AD54
SetBkColor.GDI32(?,?), ref: 0018AD5E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: bee7a6dc87ff5dc22b52ccef4a09877d151d6a19f2cabd900dce65d075114e6d
Instruction ID: 402b187a6e3757971f6d1f998338715421107e50fa331d4f04b3e6538e2af582
Opcode Fuzzy Hash: bee7a6dc87ff5dc22b52ccef4a09877d151d6a19f2cabd900dce65d075114e6d
Instruction Fuzzy Hash: 23614F71900218EFDF119FA4DC48EAE7B79EF08320F25422AF915AB2A1D7759E41DF90

Uniqueness

Uniqueness Score: -1.00%

Function 00188C44 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 401windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00188D34
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00188D45
CharNextW.USER32(0000014E), ref: 00188D74
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00188DB5
SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00188DCB
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00188DDC
SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00188DF9
SetWindowTextW.USER32(?,0000014E), ref: 00188E45
SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00188E5B
SendMessageW.USER32(?,00001002,00000000,?), ref: 00188E8C
_memset.LIBCMT ref: 00188EB1
SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00188EFA
_memset.LIBCMT ref: 00188F59
SendMessageW.USER32(?,00001053,000000FF,?), ref: 00188F83
SendMessageW.USER32(?,00001074,?,00000001), ref: 00188FDB
SendMessageW.USER32(?,0000133D,?,?), ref: 00189088
InvalidateRect.USER32(?,00000000,00000001), ref: 001890AA
GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 001890F4
SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00189121
DrawMenuBar.USER32(?), ref: 00189130
SetWindowTextW.USER32(?,0000014E), ref: 00189158

Strings

0, xrefs: 001890C2

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
String ID: 0
API String ID: 1073566785-4108050209
Opcode ID: f5478a9b9ab50668b9f6d7b94f373ac345d0315b5a2643d1a19cdcc285b2cafd
Instruction ID: 9fe55c2e91f50f4e3610700dbfc6bff52fe53a776af77091175d63e86ede2f35
Opcode Fuzzy Hash: f5478a9b9ab50668b9f6d7b94f373ac345d0315b5a2643d1a19cdcc285b2cafd
Instruction Fuzzy Hash: A8E18270900219BBDF20AF54CC88EFE7BB9EF15720F548259F915AA295DB708B81DF60

Uniqueness

Uniqueness Score: -1.00%

Function 00184B16 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00184C51
GetDesktopWindow.USER32 ref: 00184C66
GetWindowRect.USER32(00000000), ref: 00184C6D
GetWindowLongW.USER32(?,000000F0), ref: 00184CCF
DestroyWindow.USER32(?), ref: 00184CFB
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00184D24
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00184D42
SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00184D68
SendMessageW.USER32(?,00000421,?,?), ref: 00184D7D
SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00184D90
IsWindowVisible.USER32(?), ref: 00184DB0
SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00184DCB
SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00184DDF
GetWindowRect.USER32(?,?), ref: 00184DF7
MonitorFromPoint.USER32(?,?,00000002), ref: 00184E1D
GetMonitorInfoW.USER32(00000000,?), ref: 00184E37
CopyRect.USER32(?,?), ref: 00184E4E
SendMessageW.USER32(?,00000412,00000000), ref: 00184EB9

Strings

(, xrefs: 00184E2A
0, xrefs: 00184BFC
tooltips_class32, xrefs: 00184D1D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: ea8ebaf53afa9ca8ae3329b4c1e488ad16f9ad2b17a5183d2cf7265fd3f9df8c
Instruction ID: 3938fd4092defd2f631f3e5e706bbe77cb818fe7c8a114bf7820408d86f2f86a
Opcode Fuzzy Hash: ea8ebaf53afa9ca8ae3329b4c1e488ad16f9ad2b17a5183d2cf7265fd3f9df8c
Instruction Fuzzy Hash: CCB16A71604341AFDB04EF64C948B6ABBE4BF88314F008A1CF5999B2A1DB75ED45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 001027D9 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 286windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 001028BC
GetSystemMetrics.USER32(00000007), ref: 001028C4
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 001028EF
GetSystemMetrics.USER32(00000008), ref: 001028F7
GetSystemMetrics.USER32(00000004), ref: 0010291C
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00102939
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00102949
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 0010297C
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00102990
GetClientRect.USER32(00000000,000000FF), ref: 001029AE
GetStockObject.GDI32(00000011), ref: 001029CA
SendMessageW.USER32(00000000,00000030,00000000), ref: 001029D5

Part of subcall function 00102344: GetCursorPos.USER32(?), ref: 00102357
Part of subcall function 00102344: ScreenToClient.USER32(001C67B0,?), ref: 00102374
Part of subcall function 00102344: GetAsyncKeyState.USER32(00000001), ref: 00102399
Part of subcall function 00102344: GetAsyncKeyState.USER32(00000002), ref: 001023A7

SetTimer.USER32(00000000,00000000,00000028,00101256), ref: 001029FC

Strings

AutoIt v3 GUI, xrefs: 00102974

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: e55e52bfbb640e32fbc5d28c457e6c56dc3b12157aa5c47745d0b326d0293c76
Instruction ID: fa7744ddba2f6a2263957fc2ed38bd122b94d5bd113ad7a5bf692d85241952bd
Opcode Fuzzy Hash: e55e52bfbb640e32fbc5d28c457e6c56dc3b12157aa5c47745d0b326d0293c76
Instruction Fuzzy Hash: B6B17B71A0020AEFDB14DFA8DC49BAE7BA4FB18314F108229FA55E76D0DB74E951CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00184069 Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 001840F6
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 001841B6

Strings

ISSELECTED, xrefs: 001841C1
VIEWCHANGE, xrefs: 00184375
GETSELECTEDCOUNT, xrefs: 00184199
SELECTCLEAR, xrefs: 00184235
GETTEXT, xrefs: 0018415F
GETITEMCOUNT, xrefs: 00184128
GETSUBITEMCOUNT, xrefs: 00184141
SELECT, xrefs: 00184250
SELECTINVERT, xrefs: 00184286
FINDITEM, xrefs: 00184329
DESELECT, xrefs: 001842A4
GETSELECTED, xrefs: 001842E4
SELECTALL, xrefs: 0018421D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: BuffCharMessageSendUpper
String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 3974292440-719923060
Opcode ID: 6e73c906fd85329fc618a0fd173452f1d49c298208a51e8b61937aabc523fbe0
Instruction ID: 011184c355350c398ca4cafc2d6b12339d0b4f174bc953eda9c9742ebe731322
Opcode Fuzzy Hash: 6e73c906fd85329fc618a0fd173452f1d49c298208a51e8b61937aabc523fbe0
Instruction Fuzzy Hash: 4FA17E30214216DFCB14FF60C991A6AB3A6BFA4314F14496CB8A69B6D3DF70EE05CB51

Uniqueness

Uniqueness Score: -1.00%

Function 001752F0 Relevance: 27.1, APIs: 18, Instructions: 124COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00175309
LoadCursorW.USER32(00000000,00007F8A), ref: 00175314
LoadCursorW.USER32(00000000,00007F00), ref: 0017531F
LoadCursorW.USER32(00000000,00007F03), ref: 0017532A
LoadCursorW.USER32(00000000,00007F8B), ref: 00175335
LoadCursorW.USER32(00000000,00007F01), ref: 00175340
LoadCursorW.USER32(00000000,00007F81), ref: 0017534B
LoadCursorW.USER32(00000000,00007F88), ref: 00175356
LoadCursorW.USER32(00000000,00007F80), ref: 00175361
LoadCursorW.USER32(00000000,00007F86), ref: 0017536C
LoadCursorW.USER32(00000000,00007F83), ref: 00175377
LoadCursorW.USER32(00000000,00007F85), ref: 00175382
LoadCursorW.USER32(00000000,00007F82), ref: 0017538D
LoadCursorW.USER32(00000000,00007F84), ref: 00175398
LoadCursorW.USER32(00000000,00007F04), ref: 001753A3
LoadCursorW.USER32(00000000,00007F02), ref: 001753AE
GetCursorInfo.USER32(?), ref: 001753BE
GetLastError.KERNEL32(00000001,00000000), ref: 001753E9

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 219e3bdcd143e29cdf1f27490735c5202bc2df86ff5afd5d2c23db24ac952273
Instruction ID: 309bb90c9621e48e5f5cadfed69b4ed00166832aae0a9b6e3fa3600c6538199e
Opcode Fuzzy Hash: 219e3bdcd143e29cdf1f27490735c5202bc2df86ff5afd5d2c23db24ac952273
Instruction Fuzzy Hash: E4417370E08319AADB109FBA8C4986EFFF8EF51B50B10452FA509E7291DBB89501CE51

Uniqueness

Uniqueness Score: -1.00%

Function 0015AA64 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 0015AAA5
__swprintf.LIBCMT ref: 0015AB46
_wcscmp.LIBCMT ref: 0015AB59
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 0015ABAE
_wcscmp.LIBCMT ref: 0015ABEA
GetClassNameW.USER32(?,?,00000400), ref: 0015AC21
GetDlgCtrlID.USER32(?), ref: 0015AC73
GetWindowRect.USER32(?,?), ref: 0015ACA9
GetParent.USER32(?), ref: 0015ACC7
ScreenToClient.USER32(00000000), ref: 0015ACCE
GetClassNameW.USER32(?,?,00000100), ref: 0015AD48
_wcscmp.LIBCMT ref: 0015AD5C
GetWindowTextW.USER32(?,?,00000400), ref: 0015AD82
_wcscmp.LIBCMT ref: 0015AD96

Part of subcall function 0012386C: _iswctype.LIBCMT ref: 00123874

Strings

%s%u, xrefs: 0015AB40

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
String ID: %s%u
API String ID: 3744389584-679674701
Opcode ID: 1dc50d54d0606d66cb9a96de697e8aa101511d5c3b627558b7c1073cf2b3f492
Instruction ID: b494d1b29b0a5a42f5290c0df2c9dfc0ef7d036657d67dcd9840fbad1c60470d
Opcode Fuzzy Hash: 1dc50d54d0606d66cb9a96de697e8aa101511d5c3b627558b7c1073cf2b3f492
Instruction Fuzzy Hash: 13A1C071244206EFD714EF64C884BAAB7E8FF04316F504729FDA9CA590D730EA59CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0015B397 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 249COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(00000008,?,00000400), ref: 0015B3DB
_wcscmp.LIBCMT ref: 0015B3EC
GetWindowTextW.USER32(00000001,?,00000400), ref: 0015B414
CharUpperBuffW.USER32(?,00000000), ref: 0015B431
_wcscmp.LIBCMT ref: 0015B44F
_wcsstr.LIBCMT ref: 0015B460
GetClassNameW.USER32(00000018,?,00000400), ref: 0015B498
_wcscmp.LIBCMT ref: 0015B4A8
GetWindowTextW.USER32(00000002,?,00000400), ref: 0015B4CF
GetClassNameW.USER32(00000018,?,00000400), ref: 0015B518
_wcscmp.LIBCMT ref: 0015B528
GetClassNameW.USER32(00000010,?,00000400), ref: 0015B550
GetWindowRect.USER32(00000004,?), ref: 0015B5B9

Strings

ThumbnailClass, xrefs: 0015B4A3, 0015B523
@, xrefs: 0015B3BC

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
String ID: @$ThumbnailClass
API String ID: 1788623398-1539354611
Opcode ID: c45e53da5f63f53b087a1e49849965838e1f24ec02da7fc07557823f0af3b01a
Instruction ID: b4404e6f6ac6261a9bc3a12c3dec52b89c3e0870f546c486a16b5cc452a8d04f
Opcode Fuzzy Hash: c45e53da5f63f53b087a1e49849965838e1f24ec02da7fc07557823f0af3b01a
Instruction Fuzzy Hash: 8A81AB71008209DBDB14DF10C8C5FAA7BE8EF54316F148569FDA59E092EB34DE8ACB61

Uniqueness

Uniqueness Score: -1.00%

Function 0015B1E0 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 105COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 0015B23F

Strings

LAST, xrefs: 0015B204
[ACTIVE, xrefs: 0015B22C
[LAST, xrefs: 0015B2EC
HANDLE=, xrefs: 0015B238
[CLASS:, xrefs: 0015B28F
ALL, xrefs: 0015B2D3
[ALL, xrefs: 0015B2E5
[REGEXPTITLE:, xrefs: 0015B267
[HANDLE:, xrefs: 0015B24B
REGEXP=, xrefs: 0015B254
ACTIVE, xrefs: 0015B21A
CLASSNAME=, xrefs: 0015B27C

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __wcsnicmp
String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
API String ID: 1038674560-1810252412
Opcode ID: 94ff12e201f1bc7677d618c5b2d2dbd38075e2d90ce5341c423c3ace382e2b71
Instruction ID: a344f9925a5c06034a4568c78f9c7392ad0e6a5cbe02cfbf378084ecea241bf8
Opcode Fuzzy Hash: 94ff12e201f1bc7677d618c5b2d2dbd38075e2d90ce5341c423c3ace382e2b71
Instruction Fuzzy Hash: 6B318631A48205E6DB14FB60DD83EEEB7A49F34751F600029F9A1760D1EFA17E19C961

Uniqueness

Uniqueness Score: -1.00%

Function 0015C4C1 Relevance: 25.7, APIs: 17, Instructions: 169windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 0015C4D4
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0015C4E6
SetWindowTextW.USER32(?,?), ref: 0015C4FD
GetDlgItem.USER32(?,000003EA), ref: 0015C512
SetWindowTextW.USER32(00000000,?), ref: 0015C518
GetDlgItem.USER32(?,000003E9), ref: 0015C528
SetWindowTextW.USER32(00000000,?), ref: 0015C52E
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 0015C54F
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0015C569
GetWindowRect.USER32(?,?), ref: 0015C572
SetWindowTextW.USER32(?,?), ref: 0015C5DD
GetDesktopWindow.USER32 ref: 0015C5E3
GetWindowRect.USER32(00000000), ref: 0015C5EA
MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 0015C636
GetClientRect.USER32(?,?), ref: 0015C643
PostMessageW.USER32(?,00000005,00000000,00000000), ref: 0015C668
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 0015C693

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
String ID:
API String ID: 3869813825-0
Opcode ID: 7ec7bf3d4a1db3777699362ac3806c3ad2a88e497d5ed8578f89eeb896d39c85
Instruction ID: 3422403f606466f0116f666064770ec903e52d42784edfe93803941328d633de
Opcode Fuzzy Hash: 7ec7bf3d4a1db3777699362ac3806c3ad2a88e497d5ed8578f89eeb896d39c85
Instruction Fuzzy Hash: D3517070A00709EFDB20DFA8DD85B6EBBF5FF04705F10462CE692A65A0D774AA49CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0018A428 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0018A4C8
DestroyWindow.USER32(?,?), ref: 0018A542

Part of subcall function 00107D2C: _memmove.LIBCMT ref: 00107D66

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0018A5BC
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0018A5DE
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0018A5F1
DestroyWindow.USER32(00000000), ref: 0018A613
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00100000,00000000), ref: 0018A64A
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0018A663
GetDesktopWindow.USER32 ref: 0018A67C
GetWindowRect.USER32(00000000), ref: 0018A683
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0018A69B
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0018A6B3

Part of subcall function 001025DB: GetWindowLongW.USER32(?,000000EB), ref: 001025EC

Strings

0, xrefs: 0018A4DE
tooltips_class32, xrefs: 0018A5B5, 0018A643

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
String ID: 0$tooltips_class32
API String ID: 1297703922-3619404913
Opcode ID: dcd12790425d8e9a418c3a4ba291bf98d8a138fa5851ce51ff6686343c101e83
Instruction ID: 404c246cd9f33c2a2f7dba04ea106b5f798a5dbfb21ecd012f9df3f0a7cc15cc
Opcode Fuzzy Hash: dcd12790425d8e9a418c3a4ba291bf98d8a138fa5851ce51ff6686343c101e83
Instruction Fuzzy Hash: DC716971140205AFE720DF28C849F6A7BE5FF98304F58452DF985972A0E7B0EA42CF56

Uniqueness

Uniqueness Score: -1.00%

Function 0018C8EE Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00102612: GetWindowLongW.USER32(?,000000EB), ref: 00102623

DragQueryPoint.SHELL32(?,?), ref: 0018C917

Part of subcall function 0018ADF1: ClientToScreen.USER32(?,?), ref: 0018AE1A
Part of subcall function 0018ADF1: GetWindowRect.USER32(?,?), ref: 0018AE90
Part of subcall function 0018ADF1: PtInRect.USER32(?,?,0018C304), ref: 0018AEA0

SendMessageW.USER32(?,000000B0,?,?), ref: 0018C980
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0018C98B
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0018C9AE
_wcscat.LIBCMT ref: 0018C9DE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 0018C9F5
SendMessageW.USER32(?,000000B0,?,?), ref: 0018CA0E
SendMessageW.USER32(?,000000B1,?,?), ref: 0018CA25
SendMessageW.USER32(?,000000B1,?,?), ref: 0018CA47
DragFinish.SHELL32(?), ref: 0018CA4E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0018CB41

Strings

@GUI_DRAGFILE, xrefs: 0018CAF0
@GUI_DROPID, xrefs: 0018CA6E
@GUI_DRAGID, xrefs: 0018CAB9

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 169749273-3440237614
Opcode ID: c94b3f8bd4057eccd8e74c9b62c5e9550e7e538a5bed54f522d86c2438555a01
Instruction ID: 8a772412fd4d0ae5d0da4174e689b18eb2f37553c56bc2384a5f309a80369f8a
Opcode Fuzzy Hash: c94b3f8bd4057eccd8e74c9b62c5e9550e7e538a5bed54f522d86c2438555a01
Instruction Fuzzy Hash: AC615A71508301AFC701EF64DC85D9FBBE8EF98710F100A2EF595971A1DBB09A49CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00184619 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 001846AB
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 001846F6

Strings

GETTOTALCOUNT, xrefs: 001846DD
CHECK, xrefs: 00184716
EXPAND, xrefs: 001847A8
COLLAPSE, xrefs: 0018473C
ISCHECKED, xrefs: 00184879
EXISTS, xrefs: 0018475F
UNCHECK, xrefs: 001848D2
GETTEXT, xrefs: 00184849
GETITEMCOUNT, xrefs: 001847D8
GETSELECTED, xrefs: 00184806
SELECT, xrefs: 001848A7

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: BuffCharMessageSendUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 3974292440-4258414348
Opcode ID: 9c7432c5916f48687f0304adc1bb60896ee992a28c8d8f6b9b1cdb7a50417e04
Instruction ID: ef20b8163d7ba3fa9ecadceb0b40d5c0864604acbc3d6277b374664d240ed48d
Opcode Fuzzy Hash: 9c7432c5916f48687f0304adc1bb60896ee992a28c8d8f6b9b1cdb7a50417e04
Instruction Fuzzy Hash: DA918C34604712CFCB14EF54C491A6AB7A1AFA8314F00495CF8D66B7A3DB70EE4ACB81

Uniqueness

Uniqueness Score: -1.00%

Function 0018BAB8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 197windowlibraryCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0018BB6E
LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00186D80,?), ref: 0018BBCA
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0018BC03
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 0018BC46
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0018BC7D
FreeLibrary.KERNEL32(?), ref: 0018BC89
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0018BC99
DestroyIcon.USER32(?), ref: 0018BCA8
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0018BCC5
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0018BCD1

Part of subcall function 0012313D: __wcsicmp_l.LIBCMT ref: 001231C6

Strings

.dll, xrefs: 0018BB27
.icl, xrefs: 0018BAE4
.exe, xrefs: 0018BB04

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
String ID: .dll$.exe$.icl
API String ID: 1212759294-1154884017
Opcode ID: f3fb724ff157546a883e85022c7b7644fccbf848d8e653d62898744aa0fb2346
Instruction ID: 34aee2d3a9517580508083a0f40adcd21752ae6bd84864639b8e3bb2cacacddc
Opcode Fuzzy Hash: f3fb724ff157546a883e85022c7b7644fccbf848d8e653d62898744aa0fb2346
Instruction Fuzzy Hash: 4061E171604219BEEB14EF64CC85FBE77A8FF18710F10411AF915D61D1DBB4AA90DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0016A5BD Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 138COMMON

Download Yara Rule

APIs

Part of subcall function 00109997: __itow.LIBCMT ref: 001099C2
Part of subcall function 00109997: __swprintf.LIBCMT ref: 00109A0C

CharLowerBuffW.USER32(?,?), ref: 0016A636
GetDriveTypeW.KERNEL32 ref: 0016A683
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0016A6CB
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0016A702
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0016A730

Part of subcall function 00107D2C: _memmove.LIBCMT ref: 00107D66

Strings

wait, xrefs: 0016A6ED
open, xrefs: 0016A65D
closed, xrefs: 0016A64A, 0016A653
close cd wait, xrefs: 0016A71B
type cdaudio alias cd wait, xrefs: 0016A6AE
close, xrefs: 0016A63C
open , xrefs: 0016A692
set cd door , xrefs: 0016A6D1

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 2698844021-4113822522
Opcode ID: cb64619b2eabb87538be26187578672838d92789d3c2e7745579596c4a5a5034
Instruction ID: 328d41f0ce21a4bc28bd60fef3cbcce3d5aa93c9761d2b8e83dcfca301de06ef
Opcode Fuzzy Hash: cb64619b2eabb87538be26187578672838d92789d3c2e7745579596c4a5a5034
Instruction Fuzzy Hash: 75515BB15043059FC700EF24C99186AB7F4FFA8718F54496CF896672A2DB71AE0ACF52

Uniqueness

Uniqueness Score: -1.00%

Function 0016A45A Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0016A47A
__swprintf.LIBCMT ref: 0016A49C
CreateDirectoryW.KERNEL32(?,00000000), ref: 0016A4D9
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0016A4FE
_memset.LIBCMT ref: 0016A51D
_wcsncpy.LIBCMT ref: 0016A559
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0016A58E
CloseHandle.KERNEL32(00000000), ref: 0016A599
RemoveDirectoryW.KERNEL32(?), ref: 0016A5A2
CloseHandle.KERNEL32(00000000), ref: 0016A5AC

Strings

:, xrefs: 0016A4BD
\, xrefs: 0016A4B2
\??\%s, xrefs: 0016A496

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
String ID: :$\$\??\%s
API String ID: 2733774712-3457252023
Opcode ID: 6ee6625a833e351b9587182548ee34f63816d09dfbca377ff42d8467cb81b1ec
Instruction ID: e1e77c7663e073b305418676f32e16fa835ed71d8a4f2bb1b4d3211ee76c4762
Opcode Fuzzy Hash: 6ee6625a833e351b9587182548ee34f63816d09dfbca377ff42d8467cb81b1ec
Instruction Fuzzy Hash: 97319F76500219ABDB20DBA0DC48FAB73BCEF88701F5041BAFA09E2150EB7097958B25

Uniqueness

Uniqueness Score: -1.00%

Function 0013AB1B Relevance: 22.7, APIs: 15, Instructions: 211COMMONLIBRARYCODE

Download Yara Rule

APIs

_copy_environ.LIBCMT ref: 0013AB7B
___wtomb_environ.LIBCMT ref: 0013AB9D

Part of subcall function 00128D68: __getptd_noexit.LIBCMT ref: 00128D68

__malloc_crt.LIBCMT ref: 0013ABC5
__malloc_crt.LIBCMT ref: 0013ABE2
_free.LIBCMT ref: 0013AC19
__recalloc_crt.LIBCMT ref: 0013AC52
__recalloc_crt.LIBCMT ref: 0013AC97
_strlen.LIBCMT ref: 0013ACC3
__calloc_crt.LIBCMT ref: 0013ACCD
_strlen.LIBCMT ref: 0013ACDC
SetEnvironmentVariableA.KERNEL32(00000000,00000000,?,?,?,?,00000000,00000000), ref: 0013AD0A
_free.LIBCMT ref: 0013AD24
_free.LIBCMT ref: 0013AD31
_free.LIBCMT ref: 0013AD43
__invoke_watson.LIBCMT ref: 0013AD5D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
String ID:
API String ID: 884005220-0
Opcode ID: 9dc9814a2a661c6884c84674398f3d5c866b0225a72f7b7e7c5e5b801da3cc7d
Instruction ID: 1738891cfcf459d3317f4f67825714d2437a3fd0127336d4e576cf3597f91fbc
Opcode Fuzzy Hash: 9dc9814a2a661c6884c84674398f3d5c866b0225a72f7b7e7c5e5b801da3cc7d
Instruction Fuzzy Hash: 74614772904215EFEB205F64EC42B6DBBA8EF21331F544219E8819B5D5DB39DD80C792

Uniqueness

Uniqueness Score: -1.00%

Function 0016DB04 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

__wsplitpath.LIBCMT ref: 0016DC7B
_wcscat.LIBCMT ref: 0016DC93
_wcscat.LIBCMT ref: 0016DCA5
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 0016DCBA
SetCurrentDirectoryW.KERNEL32(?), ref: 0016DCCE
GetFileAttributesW.KERNEL32(?), ref: 0016DCE6
SetFileAttributesW.KERNEL32(?,00000000), ref: 0016DD00
SetCurrentDirectoryW.KERNEL32(?), ref: 0016DD12

Strings

*.*, xrefs: 0016DD51

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
String ID: *.*
API String ID: 34673085-438819550
Opcode ID: 85a8597a6baf311a1f954a9106621a2a8163fcb0bef9739d5c9f473bb5266516
Instruction ID: 3dc90e966772c512839ba3d5552cb5cb909370a4b951c4e8c0743d32e8ed3b4e
Opcode Fuzzy Hash: 85a8597a6baf311a1f954a9106621a2a8163fcb0bef9739d5c9f473bb5266516
Instruction Fuzzy Hash: B781E271A042449FCB24EF68DC419AAB7E8BF99300F19882EF889CB251E731DD54CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0018C49C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00102612: GetWindowLongW.USER32(?,000000EB), ref: 00102623

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0018C4EC
GetFocus.USER32 ref: 0018C4FC
GetDlgCtrlID.USER32(00000000), ref: 0018C507
_memset.LIBCMT ref: 0018C632
GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 0018C65D
GetMenuItemCount.USER32(?), ref: 0018C67D
GetMenuItemID.USER32(?,00000000), ref: 0018C690
GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 0018C6C4
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 0018C70C
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0018C744
DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 0018C779

Strings

0, xrefs: 0018C62A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
String ID: 0
API String ID: 1296962147-4108050209
Opcode ID: a1d1812b78a7270472d0f88a9f4fe2b04b48d7499d851ce3aae5a3e2046eca8d
Instruction ID: 21f504f6cc91ef80cf432cd230640c0eb30601d31d3ba4e89bf18dbc5a718692
Opcode Fuzzy Hash: a1d1812b78a7270472d0f88a9f4fe2b04b48d7499d851ce3aae5a3e2046eca8d
Instruction Fuzzy Hash: 9C818C70208305AFDB10EF24D984AABBBE9FF98314F10492DF99597291D770DA45CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 001583F4 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0015874A: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00158766
Part of subcall function 0015874A: GetLastError.KERNEL32(?,0015822A,?,?,?), ref: 00158770
Part of subcall function 0015874A: GetProcessHeap.KERNEL32(00000008,?,?,0015822A,?,?,?), ref: 0015877F
Part of subcall function 0015874A: HeapAlloc.KERNEL32(00000000,?,0015822A,?,?,?), ref: 00158786
Part of subcall function 0015874A: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0015879D

Part of subcall function 001587E7: GetProcessHeap.KERNEL32(00000008,00158240,00000000,00000000,?,00158240,?), ref: 001587F3
Part of subcall function 001587E7: HeapAlloc.KERNEL32(00000000,?,00158240,?), ref: 001587FA
Part of subcall function 001587E7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00158240,?), ref: 0015880B

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00158458
_memset.LIBCMT ref: 0015846D
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0015848C
GetLengthSid.ADVAPI32(?), ref: 0015849D
GetAce.ADVAPI32(?,00000000,?), ref: 001584DA
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 001584F6
GetLengthSid.ADVAPI32(?), ref: 00158513
GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00158522
HeapAlloc.KERNEL32(00000000), ref: 00158529
GetLengthSid.ADVAPI32(?,00000008,?), ref: 0015854A
CopySid.ADVAPI32(00000000), ref: 00158551
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00158582
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 001585A8
SetUserObjectSecurity.USER32(?,00000004,?), ref: 001585BC

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
String ID:
API String ID: 3996160137-0
Opcode ID: 06733739fa9d7c1fb8386b3a3c2bb1543b040b277a97cbce0d8851158f4a7154
Instruction ID: 1c45d1f7f9d0c10caf8b2363e07fa2db70756ff7700d3e030a30853578d881ce
Opcode Fuzzy Hash: 06733739fa9d7c1fb8386b3a3c2bb1543b040b277a97cbce0d8851158f4a7154
Instruction Fuzzy Hash: 57612D71900209EFDF10DF94DC45AAEBB79FF04305F148269F925BA291EB319A55CF60

Uniqueness

Uniqueness Score: -1.00%

Function 0017762D Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 001776A2
CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 001776AE
CreateCompatibleDC.GDI32(?), ref: 001776BA
SelectObject.GDI32(00000000,?), ref: 001776C7
StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 0017771B
GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00177757
GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 0017777B
SelectObject.GDI32(00000006,?), ref: 00177783
DeleteObject.GDI32(?), ref: 0017778C
DeleteDC.GDI32(00000006), ref: 00177793
ReleaseDC.USER32(00000000,?), ref: 0017779E

Strings

(, xrefs: 00177723

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: 6948ecdc2c9a1d5b9bedb9339a92a869e374fd018ebf1b4a827cb7a365d72888
Instruction ID: fd1b70bc70ac4bb0de40d3ad8fc442401d898b590908de650a1b2fddab64d66d
Opcode Fuzzy Hash: 6948ecdc2c9a1d5b9bedb9339a92a869e374fd018ebf1b4a827cb7a365d72888
Instruction Fuzzy Hash: C6515A75904309EFDB15CFA8CC88EAEBBB9EF48310F14852DF94997250D731A941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0016A0B5 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 156COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,0018FB78), ref: 0016A0FC

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

LoadStringW.USER32(?,?,00000FFF,?), ref: 0016A11E
__swprintf.LIBCMT ref: 0016A177
__swprintf.LIBCMT ref: 0016A190
_wprintf.LIBCMT ref: 0016A246
_wprintf.LIBCMT ref: 0016A264

Strings

Error: , xrefs: 0016A20E
"%s" (%d) : ==> %s:, xrefs: 0016A25F
Line %d (File "%s"):, xrefs: 0016A171, 0016A18A
^ ERROR, xrefs: 0016A1E8
"%s" (%d) : ==> %s:%s%s, xrefs: 0016A241

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: LoadString__swprintf_wprintf$_memmove
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 311963372-2391861430
Opcode ID: ef2abbba442afa28b0eead56bc425e8320731e18b5e24590615ffe47869e1032
Instruction ID: ee9e46fc3f792e672fec012d11aa1baf6759ac0892b8e12d7a8a2ee2979d2deb
Opcode Fuzzy Hash: ef2abbba442afa28b0eead56bc425e8320731e18b5e24590615ffe47869e1032
Instruction Fuzzy Hash: 68516C72900209AACF15EBE0CD86EEEB779AF28300F500165F515720E1EB756F99CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00106BEC Relevance: 19.7, APIs: 4, Strings: 7, Instructions: 478COMMON

Download Yara Rule

APIs

Part of subcall function 00120B9B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00106C6C,?,00008000), ref: 00120BB7

Part of subcall function 001048AE: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,001048A1,?,?,001037C0,?), ref: 001048CE

SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00106D0D
SetCurrentDirectoryW.KERNEL32(?), ref: 00106E5A

Part of subcall function 001059CD: _wcscpy.LIBCMT ref: 00105A05

Part of subcall function 0012387D: _iswctype.LIBCMT ref: 00123885

Strings

Error opening the file, xrefs: 0013E866, 0013E8E1
Unterminated string, xrefs: 0013EC0D
#include depth exceeded. Make sure there are no recursive includes, xrefs: 0013E84A
AU3!, xrefs: 00106CC1
Bad directive syntax error, xrefs: 0013EBC6
>>>AUTOIT SCRIPT<<<, xrefs: 0013E8BF
EA06, xrefs: 0013E87B

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
API String ID: 537147316-1018226102
Opcode ID: 20ef7eedd393acdd05ae9c3d2f591bc6cc8665a7331f0fd23b65e2ea7fcfff09
Instruction ID: 65ad65e74ff9cd63f18cc9fbc4903cd734389f9ce36ff622e76d7c48c199962c
Opcode Fuzzy Hash: 20ef7eedd393acdd05ae9c3d2f591bc6cc8665a7331f0fd23b65e2ea7fcfff09
Instruction Fuzzy Hash: 3C0278305083419FC724EF24C881AAFBBE5AFA9314F14492DF4D6972E1DB70EA59CB52

Uniqueness

Uniqueness Score: -1.00%

Function 001045DF Relevance: 19.7, APIs: 13, Instructions: 215windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 001045F9
GetMenuItemCount.USER32(001C6890), ref: 0013D7CD
GetMenuItemCount.USER32(001C6890), ref: 0013D87D
GetCursorPos.USER32(?), ref: 0013D8C1
SetForegroundWindow.USER32(00000000), ref: 0013D8CA
TrackPopupMenuEx.USER32(001C6890,00000000,?,00000000,00000000,00000000), ref: 0013D8DD
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0013D8E9

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow_memset
String ID:
API String ID: 2751501086-0
Opcode ID: b94857de271d644006970875f3a722d07c702ff902ac779711cbb9fe564cd723
Instruction ID: 7502590c46eb3eacaa8223ca40675c95674d0f728e85445b6566575c5f31aec2
Opcode Fuzzy Hash: b94857de271d644006970875f3a722d07c702ff902ac779711cbb9fe564cd723
Instruction Fuzzy Hash: D071E570600605BFEB259F64FC89FAABF65FF05368F204216F625A61E1C7B16860DB90

Uniqueness

Uniqueness Score: -1.00%

Function 001810A5 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 120COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00180038,?,?), ref: 001810BC

Strings

HKEY_CLASSES_ROOT, xrefs: 0018114F
HKEY_USERS, xrefs: 001811BD
HKCR, xrefs: 00181164
HKEY_CURRENT_USER, xrefs: 0018119B
HKEY_LOCAL_MACHINE, xrefs: 00181125
HKEY_CURRENT_CONFIG, xrefs: 00181179
HKCU, xrefs: 001811AC
HKU, xrefs: 001811CE
HKLM, xrefs: 0018113A
HKCC, xrefs: 0018118A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 3964851224-909552448
Opcode ID: 6b8f61db80ec55862fcb5e057b70526aa3c29979ae3f5291e287d02a0b406ff4
Instruction ID: aa08bf267992955423b815987d910b7a597bd80c4abaf8a42f0aece982d0fd4b
Opcode Fuzzy Hash: 6b8f61db80ec55862fcb5e057b70526aa3c29979ae3f5291e287d02a0b406ff4
Instruction Fuzzy Hash: 0E419D7110525EAFCF10FF94ED91AEA3729AF25310F104514FC916B692DB70AA2BCB60

Uniqueness

Uniqueness Score: -1.00%

Function 00165569 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 74COMMON

Download Yara Rule

APIs

Part of subcall function 00107D2C: _memmove.LIBCMT ref: 00107D66

Part of subcall function 00107A84: _memmove.LIBCMT ref: 00107B0D

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 001655D2
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 001655E8
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 001655F9
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0016560B
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0016561C

Strings

play PlayMe wait, xrefs: 00165606
alias PlayMe, xrefs: 001655AB
play PlayMe, xrefs: 00165617
status PlayMe mode, xrefs: 001655CD
open , xrefs: 00165581
close PlayMe, xrefs: 001655E3, 00165610

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: SendString$_memmove
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2279737902-1007645807
Opcode ID: 80e22424464ca07a06ce0c203d1321ed0d5489e74083d4e627a593dd3cd8ab5d
Instruction ID: f0be3d65817658cccc31afcee847e15c30750cde56817b70e6c8872aa3a750a5
Opcode Fuzzy Hash: 80e22424464ca07a06ce0c203d1321ed0d5489e74083d4e627a593dd3cd8ab5d
Instruction Fuzzy Hash: EF119430A50169B9D720B665CC5ADFF7BBDFFA5B00F840469B441A20E1EFA01D45C9B1

Uniqueness

Uniqueness Score: -1.00%

Function 001648F3 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 0016490E
gethostname.WSOCK32(?,00000100), ref: 00164928
gethostbyname.WSOCK32(?), ref: 00164935
_wcscpy.LIBCMT ref: 0016495D
_memmove.LIBCMT ref: 00164970
inet_ntoa.WSOCK32(?), ref: 0016497B
_strcat.LIBCMT ref: 00164989
_wcscpy.LIBCMT ref: 001649A0
WSACleanup.WSOCK32 ref: 001649AE
_wcscpy.LIBCMT ref: 001649BC

Strings

0.0.0.0, xrefs: 00164957

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 208665112-3771769585
Opcode ID: 5ea73a039d857827a2790cb69b55b9a5b5785976f25e4aeb4f4a26a6565d2e53
Instruction ID: 9307f8a84ea2c9fc7c134893e8eab46493dddb5023e76c9a4c8faac4a7ddddcd
Opcode Fuzzy Hash: 5ea73a039d857827a2790cb69b55b9a5b5785976f25e4aeb4f4a26a6565d2e53
Instruction Fuzzy Hash: AB11D231904129ABDB24EB24AC0AEDF77AC9F15714F1401BAF44496091EF709AE28BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00165217 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 0016521C

Part of subcall function 00120719: timeGetTime.WINMM(?,75C0B400,00110FF9), ref: 0012071D

Sleep.KERNEL32(0000000A), ref: 00165248
EnumThreadWindows.USER32(?,Function_000651CA,00000000), ref: 0016526C
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 0016528E
SetActiveWindow.USER32 ref: 001652AD
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 001652BB
SendMessageW.USER32(00000010,00000000,00000000), ref: 001652DA
Sleep.KERNEL32(000000FA), ref: 001652E5
IsWindow.USER32 ref: 001652F1
EndDialog.USER32(00000000), ref: 00165302

Strings

BUTTON, xrefs: 00165280

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 45b1fc1d4839a2615b734cfd3794ef6bf716a00b7f6879a7ad0e30b5740f2957
Instruction ID: 5b4d82462e4ef386c8af9fbc05b2000814ae453efbb55faff95881afe9aa274d
Opcode Fuzzy Hash: 45b1fc1d4839a2615b734cfd3794ef6bf716a00b7f6879a7ad0e30b5740f2957
Instruction Fuzzy Hash: 71219370204704AFE7015B70FD89E2A3F6AFB55746F10142CF11282AB1DBA1DEE5CB21

Uniqueness

Uniqueness Score: -1.00%

Function 0016D7F8 Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON

Download Yara Rule

APIs

Part of subcall function 00109997: __itow.LIBCMT ref: 001099C2
Part of subcall function 00109997: __swprintf.LIBCMT ref: 00109A0C

CoInitialize.OLE32(00000000), ref: 0016D855
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 0016D8E8
SHGetDesktopFolder.SHELL32(?), ref: 0016D8FC
CoCreateInstance.OLE32(00192D7C,00000000,00000001,001BA89C,?), ref: 0016D948
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 0016D9B7
CoTaskMemFree.OLE32(?,?), ref: 0016DA0F
_memset.LIBCMT ref: 0016DA4C
SHBrowseForFolderW.SHELL32(?), ref: 0016DA88
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0016DAAB
CoTaskMemFree.OLE32(00000000), ref: 0016DAB2
CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 0016DAE9
CoUninitialize.OLE32(00000001,00000000), ref: 0016DAEB

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
String ID:
API String ID: 1246142700-0
Opcode ID: e0be6f837ddc3649bec95d366528344a5ae83281992f78dddaf9a4aa3f26f6fd
Instruction ID: 4dd2d053ff0dade8f7155ac0498d036a3a0d5b95ba4d191e643add1fd100c5b9
Opcode Fuzzy Hash: e0be6f837ddc3649bec95d366528344a5ae83281992f78dddaf9a4aa3f26f6fd
Instruction Fuzzy Hash: E4B1FA75A00109AFDB04DFA4DC98DAEBBB9FF48314B148469F909EB261DB70EE45CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0016052C Relevance: 18.2, APIs: 12, Instructions: 186keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 001605A7
SetKeyboardState.USER32(?), ref: 00160612
GetAsyncKeyState.USER32(000000A0), ref: 00160632
GetKeyState.USER32(000000A0), ref: 00160649
GetAsyncKeyState.USER32(000000A1), ref: 00160678
GetKeyState.USER32(000000A1), ref: 00160689
GetAsyncKeyState.USER32(00000011), ref: 001606B5
GetKeyState.USER32(00000011), ref: 001606C3
GetAsyncKeyState.USER32(00000012), ref: 001606EC
GetKeyState.USER32(00000012), ref: 001606FA
GetAsyncKeyState.USER32(0000005B), ref: 00160723
GetKeyState.USER32(0000005B), ref: 00160731

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 1751f51033d71796df6207aed2c5262babc8a40a28b036f896c0795e849bade1
Instruction ID: a07059d49204a08e4633980eee38df380053995d8ed58bc3df9684b571ff034f
Opcode Fuzzy Hash: 1751f51033d71796df6207aed2c5262babc8a40a28b036f896c0795e849bade1
Instruction Fuzzy Hash: BA51D960A0478829FB36DBB08C547EBBFB49F15380F08859ED5C2571C2DB649BACCB61

Uniqueness

Uniqueness Score: -1.00%

Function 0015C72A Relevance: 18.2, APIs: 12, Instructions: 174COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 0015C746
GetWindowRect.USER32(00000000,?), ref: 0015C758
MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0015C7B6
GetDlgItem.USER32(?,00000002), ref: 0015C7C1
GetWindowRect.USER32(00000000,?), ref: 0015C7D3
MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0015C827
GetDlgItem.USER32(?,000003E9), ref: 0015C835
GetWindowRect.USER32(00000000,?), ref: 0015C846
MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0015C889
GetDlgItem.USER32(?,000003EA), ref: 0015C897
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0015C8B4
InvalidateRect.USER32(?,00000000,00000001), ref: 0015C8C1

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: 6f9fb6f435c53bddd160a02fbc395ebeb04d15918bd3fc0a143c37c8ee93cd61
Instruction ID: e5b7633fdcc423b05192c099cf520bd798d15343e05ac644e8ef0302b751576e
Opcode Fuzzy Hash: 6f9fb6f435c53bddd160a02fbc395ebeb04d15918bd3fc0a143c37c8ee93cd61
Instruction Fuzzy Hash: D4516171B00205AFDB18CF68DD89AAEBBB6EB88311F24812DF915D7690D7709E44CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0010201B Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00101B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00102036,?,00000000,?,?,?,?,001016CB,00000000,?), ref: 00101B9A

DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 001020D3
KillTimer.USER32(-00000001,?,?,?,?,001016CB,00000000,?,?,00101AE2,?,?), ref: 0010216E
DestroyAcceleratorTable.USER32(00000000), ref: 0013BEF6
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,001016CB,00000000,?,?,00101AE2,?,?), ref: 0013BF27
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,001016CB,00000000,?,?,00101AE2,?,?), ref: 0013BF3E
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,001016CB,00000000,?,?,00101AE2,?,?), ref: 0013BF5A
DeleteObject.GDI32(00000000), ref: 0013BF6C

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: 92433c1b9c8af7cc8bdd637fdd5e58a7e87935ab531f4bb5aeb29bebb05b9813
Instruction ID: 7b9c5d25791eb05a0af124c2645f380c5d4e35ea4b0f744aa748d9b1d88f4f61
Opcode Fuzzy Hash: 92433c1b9c8af7cc8bdd637fdd5e58a7e87935ab531f4bb5aeb29bebb05b9813
Instruction Fuzzy Hash: F5618831104710EFDB299F14CD8CB2ABBF2FF50316F10892DE682969A4C7B5A981DF81

Uniqueness

Uniqueness Score: -1.00%

Function 001021A5 Relevance: 18.1, APIs: 12, Instructions: 132COMMON

Download Yara Rule

APIs

Part of subcall function 001025DB: GetWindowLongW.USER32(?,000000EB), ref: 001025EC

GetSysColor.USER32(0000000F), ref: 001021D3

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: a7cd9e0a44fb624e5bd9ab9b10efcd6ffa98f901691580bc3707e9266be59cc8
Instruction ID: 3bf56dda88ba12d75eb64cca1e12f0cd548cd3db0677fa7257a8cd27bb5dc709
Opcode Fuzzy Hash: a7cd9e0a44fb624e5bd9ab9b10efcd6ffa98f901691580bc3707e9266be59cc8
Instruction Fuzzy Hash: AE41E431100140EFDB255F68DC8CBB93B65EB56331F284365FDA59A1E2C7718D82DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0016AB12 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 183COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,0018F910), ref: 0016AB76
GetDriveTypeW.KERNEL32(00000061,001BA620,00000061), ref: 0016AC40
_wcscpy.LIBCMT ref: 0016AC6A

Strings

all, xrefs: 0016AB7C
removable, xrefs: 0016ABA8
fixed, xrefs: 0016ABBE
ramdisk, xrefs: 0016ABEA
cdrom, xrefs: 0016AB92
network, xrefs: 0016ABD4
unknown, xrefs: 0016AC01

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: BuffCharDriveLowerType_wcscpy
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2820617543-1000479233
Opcode ID: 1b79200d9f3839113dcaa1028bdad446d824fcc52f5aa159cf6e190a26eeb6be
Instruction ID: c7df6097b4d3ff9f23ce5de3d421e52223bd4cf0a931d260e3e3ab59b1394df6
Opcode Fuzzy Hash: 1b79200d9f3839113dcaa1028bdad446d824fcc52f5aa159cf6e190a26eeb6be
Instruction Fuzzy Hash: F551BC301083059FC714EF18CC91AAEB7A5EFA5310F90482DF496A72E2DB71E959CB53

Uniqueness

Uniqueness Score: -1.00%

Function 00109997 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 146COMMON

Download Yara Rule

APIs

__itow.LIBCMT ref: 001099C2
__swprintf.LIBCMT ref: 00109A0C
__i64tow.LIBCMT ref: 0013FA0F

Strings

False, xrefs: 0013F9D7
0x%p, xrefs: 0013F9F1
True, xrefs: 0013F9D0
%.15g, xrefs: 00109A06

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __i64tow__itow__swprintf
String ID: %.15g$0x%p$False$True
API String ID: 421087845-2263619337
Opcode ID: 5688be85b41cf1310949615f1ac74f02b2b1e5f24c7bef378fd3f79f2e48c43c
Instruction ID: 0cebec6d189d8b09fcde0169807b9a88ed9456e40fb6d3b5a13ebe170cbcdaf3
Opcode Fuzzy Hash: 5688be85b41cf1310949615f1ac74f02b2b1e5f24c7bef378fd3f79f2e48c43c
Instruction Fuzzy Hash: 2F41E371A04219AFDB249B38DC42F7A73E8EB58314F20446EF589D72D2EB719942CB11

Uniqueness

Uniqueness Score: -1.00%

Function 001873C1 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 001873D9
CreateMenu.USER32 ref: 001873F4
SetMenu.USER32(?,00000000), ref: 00187403
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00187490
IsMenu.USER32(?), ref: 001874A6
CreatePopupMenu.USER32 ref: 001874B0
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 001874DD
DrawMenuBar.USER32 ref: 001874E5

Strings

F, xrefs: 001874D1
0, xrefs: 001873CF

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
String ID: 0$F
API String ID: 176399719-3044882817
Opcode ID: 4e08df748f66c72b7a3b4f6e66aa8aba78e0d9fe82f5a4eb6aefa7e026ae3c1f
Instruction ID: 7ca4868121d92357847beb0416397c495e18a256e0758334b126c86b4c603d05
Opcode Fuzzy Hash: 4e08df748f66c72b7a3b4f6e66aa8aba78e0d9fe82f5a4eb6aefa7e026ae3c1f
Instruction Fuzzy Hash: AC410875A01209EFDB10EF64D888E9ABBB5FF49310F244429F955A73A0D735EA60CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0018772A Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 001877CD
CreateCompatibleDC.GDI32(00000000), ref: 001877D4
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 001877E7
SelectObject.GDI32(00000000,00000000), ref: 001877EF
GetPixel.GDI32(00000000,00000000,00000000), ref: 001877FA
DeleteDC.GDI32(00000000), ref: 00187803
GetWindowLongW.USER32(?,000000EC), ref: 0018780D
SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00187821
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 0018782D

Strings

static, xrefs: 00187765

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: cdd40249f8779e4762e57a15b1b5886d56f8e31a3d46e30a495e30ac44706730
Instruction ID: 94e94249a921e5b5251d97ad77a6eb7c1ea3cff34e90a58041bb243a958f7160
Opcode Fuzzy Hash: cdd40249f8779e4762e57a15b1b5886d56f8e31a3d46e30a495e30ac44706730
Instruction Fuzzy Hash: CF316D31105215BBDF11AFA4DC09FDA3B69FF49324F210228FA15A60E0D735DA62DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00127040 Relevance: 16.8, APIs: 11, Instructions: 258COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0012707B

Part of subcall function 00128D68: __getptd_noexit.LIBCMT ref: 00128D68

__gmtime64_s.LIBCMT ref: 00127114
__gmtime64_s.LIBCMT ref: 0012714A
__gmtime64_s.LIBCMT ref: 00127167
__allrem.LIBCMT ref: 001271BD
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 001271D9
__allrem.LIBCMT ref: 001271F0
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0012720E
__allrem.LIBCMT ref: 00127225
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00127243
__invoke_watson.LIBCMT ref: 001272B4

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
String ID:
API String ID: 384356119-0
Opcode ID: 85949ae18b549cd2d12431497598bef6b028e5a4746e3945652a320069ef6a5a
Instruction ID: 928dfb7de3577883521cf62a746b37a38d315c006c9b114916a1119c1da2f1b0
Opcode Fuzzy Hash: 85949ae18b549cd2d12431497598bef6b028e5a4746e3945652a320069ef6a5a
Instruction Fuzzy Hash: 1171FB71A04726EFE714AE79DC42B5BB3A8AF11320F14422AF514D72C1E770E9648BD4

Uniqueness

Uniqueness Score: -1.00%

Function 00162A16 Relevance: 16.7, APIs: 11, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00162A31
GetMenuItemInfoW.USER32(001C6890,000000FF,00000000,00000030), ref: 00162A92
SetMenuItemInfoW.USER32(001C6890,00000004,00000000,00000030), ref: 00162AC8
Sleep.KERNEL32(000001F4), ref: 00162ADA
GetMenuItemCount.USER32(?), ref: 00162B1E
GetMenuItemID.USER32(?,00000000), ref: 00162B3A
GetMenuItemID.USER32(?,-00000001), ref: 00162B64
GetMenuItemID.USER32(?,?), ref: 00162BA9
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00162BEF
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00162C03
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00162C24

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep_memset
String ID:
API String ID: 4176008265-0
Opcode ID: 0429b4c6f11e577d9a4856d4da19b3b783f4644bf61edf7f192123e50a8aeeed
Instruction ID: cedf649e4039ca58b0629f437a0e4878738b1fd2d227c480492b6a221abde3f2
Opcode Fuzzy Hash: 0429b4c6f11e577d9a4856d4da19b3b783f4644bf61edf7f192123e50a8aeeed
Instruction Fuzzy Hash: 2861E3B0900649EFDB21CFA4CC88EBE7BB8EB45304F140569F84197291D771AE66DB21

Uniqueness

Uniqueness Score: -1.00%

Function 00187192 Relevance: 16.7, APIs: 11, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00187214
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00187217
GetWindowLongW.USER32(?,000000F0), ref: 0018723B
_memset.LIBCMT ref: 0018724C
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0018725E
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 001872D6

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$LongWindow_memset
String ID:
API String ID: 830647256-0
Opcode ID: f23a589483db3897bd72af53302756fd21c0a24b323901729872db17ad50cee0
Instruction ID: 377a477dfd66eb8d9995e0efc7a7465eadaf7b105411db1acd0e7bc4f7ef1b4c
Opcode Fuzzy Hash: f23a589483db3897bd72af53302756fd21c0a24b323901729872db17ad50cee0
Instruction Fuzzy Hash: 6D613975A00208AFDB10EFA4CC85EEE77B8AF09714F244169FA15A72E1D770EA45DF60

Uniqueness

Uniqueness Score: -1.00%

Function 0015710E Relevance: 16.6, APIs: 11, Instructions: 123memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00157135
SafeArrayAllocData.OLEAUT32(?), ref: 0015718E
VariantInit.OLEAUT32(?), ref: 001571A0
SafeArrayAccessData.OLEAUT32(?,?), ref: 001571C0
VariantCopy.OLEAUT32(?,?), ref: 00157213
SafeArrayUnaccessData.OLEAUT32(?), ref: 00157227
VariantClear.OLEAUT32(?), ref: 0015723C
SafeArrayDestroyData.OLEAUT32(?), ref: 00157249
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00157252
VariantClear.OLEAUT32(?), ref: 00157264
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0015726F

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: a7124133e5a021928dc51ec0695657e09bd75d6165c55c9270c14a15ee39cbba
Instruction ID: 2d6297cefc2bb4acad4e8d5463d8945dd0d646343e693004ac60893003fb9b95
Opcode Fuzzy Hash: a7124133e5a021928dc51ec0695657e09bd75d6165c55c9270c14a15ee39cbba
Instruction Fuzzy Hash: AE415235A04119EFCF00DF64D849DAEBBB9FF18355F008069F955EB661CB70AA4ACB90

Uniqueness

Uniqueness Score: -1.00%

Function 001786D0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON

Download Yara Rule

APIs

Part of subcall function 00109997: __itow.LIBCMT ref: 001099C2
Part of subcall function 00109997: __swprintf.LIBCMT ref: 00109A0C

CoInitialize.OLE32 ref: 00178718
CoUninitialize.OLE32 ref: 00178723
CoCreateInstance.OLE32(?,00000000,00000017,00192BEC,?), ref: 00178783
IIDFromString.OLE32(?,?), ref: 001787F6
VariantInit.OLEAUT32(?), ref: 00178890
VariantClear.OLEAUT32(?), ref: 001788F1

Strings

Invalid parameter, xrefs: 0017880F
Failed to create object, xrefs: 0017878E, 00178844
NULL Pointer assignment, xrefs: 001787C8

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 834269672-1287834457
Opcode ID: f062893b07765b694ded107999c6fcc6f1f536a7ad5de5d40f6678cdf6bdc025
Instruction ID: 089a591f92981497d7645edd606846916c1df73d3e63cf4d955813d3d3abb7b6
Opcode Fuzzy Hash: f062893b07765b694ded107999c6fcc6f1f536a7ad5de5d40f6678cdf6bdc025
Instruction Fuzzy Hash: 6661B1706483019FD714DF64C889B5BBBF4AF59714F10881DF98A9B291CB70ED88CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00175A45 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00175AA6
inet_addr.WSOCK32(?,?,?), ref: 00175AEB
gethostbyname.WSOCK32(?), ref: 00175AF7
IcmpCreateFile.IPHLPAPI ref: 00175B05
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00175B75
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00175B8B
IcmpCloseHandle.IPHLPAPI(00000000), ref: 00175C00
WSACleanup.WSOCK32 ref: 00175C06

Strings

Ping, xrefs: 00175B29

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 6d81d5c95c2a1e0bb2c1b4ff2dca52dda5f9de072e32988d50ddd8e7abddfcc1
Instruction ID: 383dc646ce52b673f1fd61e179eef27a0c77dab8d3fc6ce6b29451f4ca618b04
Opcode Fuzzy Hash: 6d81d5c95c2a1e0bb2c1b4ff2dca52dda5f9de072e32988d50ddd8e7abddfcc1
Instruction Fuzzy Hash: 705170316047009FDB219F24CC49B2ABBF6EF48710F148969F999DB2E1DBB0E940DB56

Uniqueness

Uniqueness Score: -1.00%

Function 0016B72E Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 98COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 0016B73B
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0016B7B1
GetLastError.KERNEL32 ref: 0016B7BB
SetErrorMode.KERNEL32(00000000,READY), ref: 0016B828

Strings

NOTREADY, xrefs: 0016B7E7
READONLY, xrefs: 0016B7F3
READY, xrefs: 0016B801
UNKNOWN, xrefs: 0016B7E0
INVALID, xrefs: 0016B7FA

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 773a49b58aad73cd12eef66b17dd6d2dcef47ec1174f0e08777df68566d8534f
Instruction ID: 10dc55e3cac826ec3d90e0959791b1828a9ac3821ef62d187b23fdb50d9bc973
Opcode Fuzzy Hash: 773a49b58aad73cd12eef66b17dd6d2dcef47ec1174f0e08777df68566d8534f
Instruction Fuzzy Hash: 8C319035A04209AFDB10EF68DCC5AAE7BB8FF98711F104029E506D72D2DB719A92CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00159471 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

Part of subcall function 0015B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0015B0E7

SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 001594F6
GetDlgCtrlID.USER32 ref: 00159501
GetParent.USER32 ref: 0015951D
SendMessageW.USER32(00000000,?,00000111,?), ref: 00159520
GetDlgCtrlID.USER32(?), ref: 00159529
GetParent.USER32(?), ref: 00159545
SendMessageW.USER32(00000000,?,?,00000111), ref: 00159548

Strings

ComboBox, xrefs: 0015947E
ListBox, xrefs: 001594B3

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_memmove
String ID: ComboBox$ListBox
API String ID: 1536045017-1403004172
Opcode ID: 697c303ab706559c38a6297ab2f4663299d348628ca18ad97ff79e84bfefc9a7
Instruction ID: 3222982292ddf7b16f4911ca8e1eeda145e7125cfa3853d77f6690acdaa79863
Opcode Fuzzy Hash: 697c303ab706559c38a6297ab2f4663299d348628ca18ad97ff79e84bfefc9a7
Instruction Fuzzy Hash: BA21B270A00204EBCF05AB64CC85DFEBB75EF59300F20021AF961972E1EB7559599B20

Uniqueness

Uniqueness Score: -1.00%

Function 0015955C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

Part of subcall function 0015B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0015B0E7

SendMessageW.USER32(?,00000186,00000002,00000000), ref: 001595DF
GetDlgCtrlID.USER32 ref: 001595EA
GetParent.USER32 ref: 00159606
SendMessageW.USER32(00000000,?,00000111,?), ref: 00159609
GetDlgCtrlID.USER32(?), ref: 00159612
GetParent.USER32(?), ref: 0015962E
SendMessageW.USER32(00000000,?,?,00000111), ref: 00159631

Strings

ComboBox, xrefs: 00159569
ListBox, xrefs: 0015959E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_memmove
String ID: ComboBox$ListBox
API String ID: 1536045017-1403004172
Opcode ID: 90b0cbe8bc4244d83922aa95b26ee9cf34d9ed365d109dade86cf6a9224e3944
Instruction ID: 787baaf71f62edd1c7361d92c2b65671c2bb2fbb7ead09f72199dce7f71c8975
Opcode Fuzzy Hash: 90b0cbe8bc4244d83922aa95b26ee9cf34d9ed365d109dade86cf6a9224e3944
Instruction Fuzzy Hash: F221A474A00204FBDF05AB60CC85EFEBB79EF58300F10011AF961972E1EB75555A9B20

Uniqueness

Uniqueness Score: -1.00%

Function 00159645 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 72windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00159651
GetClassNameW.USER32(00000000,?,00000100), ref: 00159666
_wcscmp.LIBCMT ref: 00159678
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 001596F3

Strings

largeicons, xrefs: 00159687
list, xrefs: 001596D5
SHELLDLL_DefView, xrefs: 00159672
details, xrefs: 001596A1
smallicons, xrefs: 001596BB

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ClassMessageNameParentSend_wcscmp
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1704125052-3381328864
Opcode ID: 9c94af80bc71b5d0c6486a675a5298261af2fc464700bbb5ec9a03a7f3836d9f
Instruction ID: c2587a4eea476af3a041dd7e21c89cf1d415e787d6e7ab8bcd3fc3e70e5e294e
Opcode Fuzzy Hash: 9c94af80bc71b5d0c6486a675a5298261af2fc464700bbb5ec9a03a7f3836d9f
Instruction Fuzzy Hash: 50112976288317FAFA152720EC07DE7779CCB15361F200127FE30A90D1FFA56A6A4A59

Uniqueness

Uniqueness Score: -1.00%

Function 00178BC0 Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00178BEC
CoInitialize.OLE32(00000000), ref: 00178C19
CoUninitialize.OLE32 ref: 00178C23
GetRunningObjectTable.OLE32(00000000,?), ref: 00178D23
SetErrorMode.KERNEL32(00000001,00000029), ref: 00178E50
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,00192C0C), ref: 00178E84
CoGetObject.OLE32(?,00000000,00192C0C,?), ref: 00178EA7
SetErrorMode.KERNEL32(00000000), ref: 00178EBA
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00178F3A
VariantClear.OLEAUT32(?), ref: 00178F4A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
String ID:
API String ID: 2395222682-0
Opcode ID: 53dbde36ef2de4328ae5987be4d4d8fc1e7744e6f5f110ad1896bd9c7110dc89
Instruction ID: fb81f5123804e61c33f63750537bccc7c52c2b7b4abe4fd99b4f8fba8b6b31b7
Opcode Fuzzy Hash: 53dbde36ef2de4328ae5987be4d4d8fc1e7744e6f5f110ad1896bd9c7110dc89
Instruction Fuzzy Hash: D3C12471608305AFD700DF68C88896AB7F9BF89348F00896DF58ADB251DB71ED46CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00164189 Relevance: 15.1, APIs: 10, Instructions: 108windowCOMMON

Download Yara Rule

APIs

__swprintf.LIBCMT ref: 0016419D
__swprintf.LIBCMT ref: 001641AA

Part of subcall function 001238D8: __woutput_l.LIBCMT ref: 00123931

FindResourceW.KERNEL32(?,?,0000000E), ref: 001641D4
LoadResource.KERNEL32(?,00000000), ref: 001641E0
LockResource.KERNEL32(00000000), ref: 001641ED
FindResourceW.KERNEL32(?,?,00000003), ref: 0016420D
LoadResource.KERNEL32(?,00000000), ref: 0016421F
SizeofResource.KERNEL32(?,00000000), ref: 0016422E
LockResource.KERNEL32(?), ref: 0016423A
CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 0016429B

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
String ID:
API String ID: 1433390588-0
Opcode ID: e81126fe8c488bff85d8395c9a674e4ab7a14c3508095ced41f032abf4d04fcb
Instruction ID: e9aa63f87d28615ee1c6f3409d9aa8bcf949d1558f0f565552bb0d0e8f57a94a
Opcode Fuzzy Hash: e81126fe8c488bff85d8395c9a674e4ab7a14c3508095ced41f032abf4d04fcb
Instruction Fuzzy Hash: 6731CF7160121AAFDB019FA0EC58EBF7BADEF08301F104529F811D2550E774DAA2CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 001616DE Relevance: 15.1, APIs: 10, Instructions: 89threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00161700
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00160778,?,00000001), ref: 00161714
GetWindowThreadProcessId.USER32(00000000), ref: 0016171B
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00160778,?,00000001), ref: 0016172A
GetWindowThreadProcessId.USER32(?,00000000), ref: 0016173C
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00160778,?,00000001), ref: 00161755
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00160778,?,00000001), ref: 00161767
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00160778,?,00000001), ref: 001617AC
AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00160778,?,00000001), ref: 001617C1
AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00160778,?,00000001), ref: 001617CC

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 8d0877b948c6da781ea2ed5a96e35e934b7e1345e26be21738f0405227d0309a
Instruction ID: e588db3451df8c01da2251dcbb4b9a3c514ac6da2716e3ecd067940cd5ec6ce7
Opcode Fuzzy Hash: 8d0877b948c6da781ea2ed5a96e35e934b7e1345e26be21738f0405227d0309a
Instruction Fuzzy Hash: 6F318D75604208BFEB129F25DC89F797BA9EB55711F284029F814C66E0DBB49E908F60

Uniqueness

Uniqueness Score: -1.00%

Function 0015A693 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 241COMMON

Download Yara Rule

APIs

EnumChildWindows.USER32(?,0015AA64), ref: 0015A9A2

Strings

NAME, xrefs: 0015A7D4
INSTANCE, xrefs: 0015A8B0
CLASS, xrefs: 0015A721
CLASSNN, xrefs: 0015A744
REGEXPCLASS, xrefs: 0015A767
TEXT, xrefs: 0015A8D9

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ChildEnumWindows
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 3555792229-1603158881
Opcode ID: 9d08b590be91935a63a8a4a8895e2c642412418cb9d937a2f147b5a324c5a0f0
Instruction ID: 189566b77da442f23bf17133e4382f871f080152d4100c60e925715717075c77
Opcode Fuzzy Hash: 9d08b590be91935a63a8a4a8895e2c642412418cb9d937a2f147b5a324c5a0f0
Instruction Fuzzy Hash: 2791B830A4051ADFDB08DF60C481BE9FB75BF14315F908219DDAAAB191DF306A5ECB91

Uniqueness

Uniqueness Score: -1.00%

Function 00102E26 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00102EAE

Part of subcall function 00101DB3: GetClientRect.USER32(?,?), ref: 00101DDC
Part of subcall function 00101DB3: GetWindowRect.USER32(?,?), ref: 00101E1D
Part of subcall function 00101DB3: ScreenToClient.USER32(?,?), ref: 00101E45

GetDC.USER32 ref: 0013CF82
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0013CF95
SelectObject.GDI32(00000000,00000000), ref: 0013CFA3
SelectObject.GDI32(00000000,00000000), ref: 0013CFB8
ReleaseDC.USER32(?,00000000), ref: 0013CFC0
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0013D04B

Strings

U, xrefs: 0013CF20

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 705daca3ca1952008389233f0ba1dac8328e4fdb540f13ba0f6e07ae285cedef
Instruction ID: 52e2dd91210c903c6dc51085862857b6db992f435abe0efaf0cb4c2885bae8ec
Opcode Fuzzy Hash: 705daca3ca1952008389233f0ba1dac8328e4fdb540f13ba0f6e07ae285cedef
Instruction Fuzzy Hash: 9371C230500205DFCF298F64D884ABA7BB6FF49350F14426AFD95AA1A6C731CC92DF60

Uniqueness

Uniqueness Score: -1.00%

Function 0018C27C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00102612: GetWindowLongW.USER32(?,000000EB), ref: 00102623

Part of subcall function 00102344: GetCursorPos.USER32(?), ref: 00102357
Part of subcall function 00102344: ScreenToClient.USER32(001C67B0,?), ref: 00102374
Part of subcall function 00102344: GetAsyncKeyState.USER32(00000001), ref: 00102399
Part of subcall function 00102344: GetAsyncKeyState.USER32(00000002), ref: 001023A7

ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?), ref: 0018C2E4
ImageList_EndDrag.COMCTL32 ref: 0018C2EA
ReleaseCapture.USER32 ref: 0018C2F0
SetWindowTextW.USER32(?,00000000), ref: 0018C39A
SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0018C3AD
DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?), ref: 0018C48F

Strings

@GUI_DRAGFILE, xrefs: 0018C424
@GUI_DROPID, xrefs: 0018C3E1

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
String ID: @GUI_DRAGFILE$@GUI_DROPID
API String ID: 1924731296-2107944366
Opcode ID: f516b631ba679d06dcfa40d056405318b0cf015b82d9f26eeaed81eb60debd93
Instruction ID: ab5a63af3e46699f3d04a19716d74ee9f20403e86b605cdd5f93c1d952967cc1
Opcode Fuzzy Hash: f516b631ba679d06dcfa40d056405318b0cf015b82d9f26eeaed81eb60debd93
Instruction Fuzzy Hash: A1517C70204304AFDB00EF14C895F6A7BE5EB98310F10452DF9958B2E1DB71EA95CF62

Uniqueness

Uniqueness Score: -1.00%

Function 00178F5B Relevance: 13.9, APIs: 9, Instructions: 438COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,?,0018F910), ref: 0017903D
FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0018F910), ref: 00179071
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 001791EB
SysFreeString.OLEAUT32(?), ref: 00179215

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Free$FileLibraryModuleNamePathQueryStringType
String ID:
API String ID: 560350794-0
Opcode ID: 5d339787e7c2e1efebc9556a727c2313ee90c17633e21b22e6f779f622afb14b
Instruction ID: 98c8cb9a575d8c3555e06516476c25151ff50f0eb714015268b9214f2173de66
Opcode Fuzzy Hash: 5d339787e7c2e1efebc9556a727c2313ee90c17633e21b22e6f779f622afb14b
Instruction Fuzzy Hash: 60F12F71A00109EFDF04DFA4C888EAEB7B9FF49315F108459F519AB291DB71AE45CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0017F9A8 Relevance: 13.9, APIs: 9, Instructions: 386processCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0017F9C9
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0017FB5C
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0017FB80
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0017FBC0
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0017FBE2
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0017FD5E
GetLastError.KERNEL32(00000000,00000001,00000000), ref: 0017FD90
CloseHandle.KERNEL32(?), ref: 0017FDBF
CloseHandle.KERNEL32(?), ref: 0017FE36

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
String ID:
API String ID: 4090791747-0
Opcode ID: 60f6197d1251e6a237e597a1abda00d560560904e197299e0d44af4646c45787
Instruction ID: b9d00158b14503ce50fb80b2a84f814617f716ec946532075b90c97898f09295
Opcode Fuzzy Hash: 60f6197d1251e6a237e597a1abda00d560560904e197299e0d44af4646c45787
Instruction Fuzzy Hash: 88E1A031204341DFCB25EF24C891A6BBBF1AF94314F14896DF8999B2A2DB71DC46CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00164F63 Relevance: 13.7, APIs: 9, Instructions: 170filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 001648AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,001638D3,?), ref: 001648C7

Part of subcall function 001648AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,001638D3,?), ref: 001648E0

Part of subcall function 00164CD3: GetFileAttributesW.KERNEL32(?,00163947), ref: 00164CD4

lstrcmpiW.KERNEL32(?,?), ref: 00164FE2
_wcscmp.LIBCMT ref: 00164FFC
MoveFileW.KERNEL32(?,?), ref: 00165017

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
String ID:
API String ID: 793581249-0
Opcode ID: a045af1153360f3bce79d3d3e2109e1a527aab05c3f8fcb91159bb333d216146
Instruction ID: c3e0cfcfc8d92fedebc43e120dd965be2903c63059c952e99a6ecd5facaf763d
Opcode Fuzzy Hash: a045af1153360f3bce79d3d3e2109e1a527aab05c3f8fcb91159bb333d216146
Instruction Fuzzy Hash: 145152B24087859BC724DBA0DC819DFB3ECAF95340F00492EF599D3191EF74A6988766

Uniqueness

Uniqueness Score: -1.00%

Function 001888B4 Relevance: 13.7, APIs: 9, Instructions: 168COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0018896E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: InvalidateRect
String ID:
API String ID: 634782764-0
Opcode ID: 9cf6ca191f6254c9e070371b17bc45cd231e66f5453aac031f841bc3b898fb33
Instruction ID: 57e697a40baef68b0c9d8ff9c5363d3b88b1ec9c5931671c8dbf8eac5f381f14
Opcode Fuzzy Hash: 9cf6ca191f6254c9e070371b17bc45cd231e66f5453aac031f841bc3b898fb33
Instruction Fuzzy Hash: 23518F30A00208BBEF28BF28CC89BA97B65BB15314FA04516F555E75E1DF71AB809F91

Uniqueness

Uniqueness Score: -1.00%

Function 00102B72 Relevance: 13.7, APIs: 9, Instructions: 161windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0013C547
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0013C569
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0013C581
ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0013C59F
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0013C5C0
DestroyIcon.USER32(00000000), ref: 0013C5CF
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0013C5EC
DestroyIcon.USER32(?), ref: 0013C5FB

Part of subcall function 0018A71E: DeleteObject.GDI32(00000000), ref: 0018A757

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
String ID:
API String ID: 2819616528-0
Opcode ID: 019868616bb80e1ff6b7afbbfa28bb5bb2e6275e1c93dd355dc600141d0a89ef
Instruction ID: 6d6ad3f1b22073823d6fbd6a3c424f6d526aeeda8ed1c1cc5170fb39b48f17d0
Opcode Fuzzy Hash: 019868616bb80e1ff6b7afbbfa28bb5bb2e6275e1c93dd355dc600141d0a89ef
Instruction Fuzzy Hash: 24516C70600209EFDB24DF64CC49FAA7BB5EB58350F204529F942A76E0DBB1ED91DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00158E03 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00158A84,00000B00,?,?), ref: 00158E0C
HeapAlloc.KERNEL32(00000000,?,00158A84,00000B00,?,?), ref: 00158E13
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00158A84,00000B00,?,?), ref: 00158E28
GetCurrentProcess.KERNEL32(?,00000000,?,00158A84,00000B00,?,?), ref: 00158E30
DuplicateHandle.KERNEL32(00000000,?,00158A84,00000B00,?,?), ref: 00158E33
GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00158A84,00000B00,?,?), ref: 00158E43
GetCurrentProcess.KERNEL32(00158A84,00000000,?,00158A84,00000B00,?,?), ref: 00158E4B
DuplicateHandle.KERNEL32(00000000,?,00158A84,00000B00,?,?), ref: 00158E4E
CreateThread.KERNEL32(00000000,00000000,00158E74,00000000,00000000,00000000), ref: 00158E68

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 4d23afc4e8edd7a6d07732477ca3819ccf3d93f6240849a5b6e6522604e80889
Instruction ID: 8adb5ef223e6fdd6f85f7faa7f9efd3c4f908619ee782fca243e5b1530a525fe
Opcode Fuzzy Hash: 4d23afc4e8edd7a6d07732477ca3819ccf3d93f6240849a5b6e6522604e80889
Instruction Fuzzy Hash: 3101BBB5240348FFE710ABA5DC8DF6B3BACEB89711F004425FA05DB5A1CA749951CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00179428 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 263COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0017947C
VariantInit.OLEAUT32(?), ref: 0017954D
VariantInit.OLEAUT32(?), ref: 0017964E
VariantClear.OLEAUT32(?), ref: 00179658
VariantClear.OLEAUT32(?), ref: 001796B5

Strings

Null Object assignment in FOR..IN loop, xrefs: 001794DD, 0017960B, 001796C3
Incorrect Object type in FOR..IN loop, xrefs: 00179631

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Variant$ClearInit$_memset
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2862541840-625585964
Opcode ID: ac7bca2972c4676816ccc02828d58a3c26d29ea0d865db4f5b74d1c750f3233e
Instruction ID: 7c926db30e69f1d51fe5f2d8e360ae9423b77142b8fce192ebe5e5de8fecadff
Opcode Fuzzy Hash: ac7bca2972c4676816ccc02828d58a3c26d29ea0d865db4f5b74d1c750f3233e
Instruction Fuzzy Hash: B591A071A00219AFDF24DFA5C848FAEBBB8EF45714F10C15AF519AB280D7709949CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00179A72 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

Part of subcall function 00157652: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0015758C,80070057,?,?,?,0015799D), ref: 0015766F
Part of subcall function 00157652: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0015758C,80070057,?,?), ref: 0015768A
Part of subcall function 00157652: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0015758C,80070057,?,?), ref: 00157698
Part of subcall function 00157652: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0015758C,80070057,?), ref: 001576A8

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00179B1B
_memset.LIBCMT ref: 00179B28
_memset.LIBCMT ref: 00179C6B
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 00179C97
CoTaskMemFree.OLE32(?), ref: 00179CA2

Strings

NULL Pointer assignment, xrefs: 00179CF0

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
String ID: NULL Pointer assignment
API String ID: 1300414916-2785691316
Opcode ID: 0eaf779e922dd9f6e5ab81c3b0b82806f3d6e2a2703c41899f904636cddb7d04
Instruction ID: 3bed2273821a72e3108e2a60ab6eb14f327744bb79f302578fcb5d4bc767622b
Opcode Fuzzy Hash: 0eaf779e922dd9f6e5ab81c3b0b82806f3d6e2a2703c41899f904636cddb7d04
Instruction Fuzzy Hash: BF912971D00229EBDF10DFA4DC85EDEBBB9AF18710F20815AF519A7281DB716A45CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00186FEF Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00187093
SendMessageW.USER32(?,00001036,00000000,?), ref: 001870A7
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 001870C1
_wcscat.LIBCMT ref: 0018711C
SendMessageW.USER32(?,00001057,00000000,?), ref: 00187133
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00187161

Strings

SysListView32, xrefs: 00187065

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$Window_wcscat
String ID: SysListView32
API String ID: 307300125-78025650
Opcode ID: 7ade76ee983cfb90eadcdc3ed39cdd4627f28004a559088c7d4487c48aa36bf7
Instruction ID: e00faa29f64b7cf7cdcfefe8f49df24042941262a4a3425bff221bcb160f2155
Opcode Fuzzy Hash: 7ade76ee983cfb90eadcdc3ed39cdd4627f28004a559088c7d4487c48aa36bf7
Instruction Fuzzy Hash: 8B417071904308AFDB21AFA4CC85BEE77A8EF08354F20456AF584A71D1D771DE858F60

Uniqueness

Uniqueness Score: -1.00%

Function 0017EC47 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00163E91: CreateToolhelp32Snapshot.KERNEL32 ref: 00163EB6
Part of subcall function 00163E91: Process32FirstW.KERNEL32(00000000,?), ref: 00163EC4
Part of subcall function 00163E91: CloseHandle.KERNEL32(00000000), ref: 00163F8E

OpenProcess.KERNEL32(00000001,00000000,?), ref: 0017ECB8
GetLastError.KERNEL32 ref: 0017ECCB
OpenProcess.KERNEL32(00000001,00000000,?), ref: 0017ECFA
TerminateProcess.KERNEL32(00000000,00000000), ref: 0017ED77
GetLastError.KERNEL32(00000000), ref: 0017ED82
CloseHandle.KERNEL32(00000000), ref: 0017EDB7

Strings

SeDebugPrivilege, xrefs: 0017ECD6

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: 5e040c921646c4450a8f80f87f0e59c68a109aac0f6751b1b40a6667d6447cca
Instruction ID: eb343a2f6c8c19f0c47a3a45bd155a2c28e2d2bee68f5f31f5a3d292aa9e3c0c
Opcode Fuzzy Hash: 5e040c921646c4450a8f80f87f0e59c68a109aac0f6751b1b40a6667d6447cca
Instruction Fuzzy Hash: A241BE712002019FDB24EF64CC95F6EB7E5AF64714F08809DF8469F2C2DBB5A945CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00163226 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 001632C5

Strings

question, xrefs: 0016327E
warning, xrefs: 001632AE
stop, xrefs: 00163296
info, xrefs: 00163266
blank, xrefs: 00163247

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: f301a6692e7b7f3864ca612d251287b3a89f3b5d80641cfe3466a34a8c440958
Instruction ID: 8f7e5bc7ceb39d013b5626b8b010009f5f5719d1660872ca7e8aaf9f6ba3ad5b
Opcode Fuzzy Hash: f301a6692e7b7f3864ca612d251287b3a89f3b5d80641cfe3466a34a8c440958
Instruction Fuzzy Hash: 2A110A31248356BBE7055B55ECA3CABB3ACDF19370F20002EF920A61C1E7755B6146B5

Uniqueness

Uniqueness Score: -1.00%

Function 00164534 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 0016454E
LoadStringW.USER32(00000000), ref: 00164555
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0016456B
LoadStringW.USER32(00000000), ref: 00164572
_wprintf.LIBCMT ref: 00164598
MessageBoxW.USER32(00000000,?,?,00011010), ref: 001645B6

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00164593

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wprintf
String ID: %s (%d) : ==> %s: %s %s
API String ID: 3648134473-3128320259
Opcode ID: 7b69f700ebf1492677ede02fca7a7b4df897e94aa89f9eaf751d1531baaed0cc
Instruction ID: 572c66ad582ddebcc25c9220f9c9f53b5c7292a19550e4b7ed6261af75f901e2
Opcode Fuzzy Hash: 7b69f700ebf1492677ede02fca7a7b4df897e94aa89f9eaf751d1531baaed0cc
Instruction Fuzzy Hash: DD014FF2900208BFE750A7A09D89EE6776CEB08301F1005A9BB46E2051EB749FD68B70

Uniqueness

Uniqueness Score: -1.00%

Function 0018D74C Relevance: 12.3, APIs: 8, Instructions: 257windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00102612: GetWindowLongW.USER32(?,000000EB), ref: 00102623

GetSystemMetrics.USER32(0000000F), ref: 0018D78A
GetSystemMetrics.USER32(0000000F), ref: 0018D7AA
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0018D9E5
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0018DA03
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0018DA24
ShowWindow.USER32(00000003,00000000), ref: 0018DA43
InvalidateRect.USER32(?,00000000,00000001), ref: 0018DA68
DefDlgProcW.USER32(?,00000005,?,?), ref: 0018DA8B

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: 841d5264158704985f2fb803d980c563daee3a1c0d2ab86ce3e44a61a9fc07f2
Instruction ID: aec75c22202d237e694c2eb1b85d1ccde52b6ef208598047908a83a5d0cb776a
Opcode Fuzzy Hash: 841d5264158704985f2fb803d980c563daee3a1c0d2ab86ce3e44a61a9fc07f2
Instruction Fuzzy Hash: C8B19971A00225EBDF18DF68D9C5BAD7BB1BF44700F198069EC48AB295D734AA90CF50

Uniqueness

Uniqueness Score: -1.00%

Function 00102A5B Relevance: 12.1, APIs: 8, Instructions: 129COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,0013C417,00000004,00000000,00000000,00000000), ref: 00102ACF
ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,0013C417,00000004,00000000,00000000,00000000,000000FF), ref: 00102B17
ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,0013C417,00000004,00000000,00000000,00000000), ref: 0013C46A
ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,0013C417,00000004,00000000,00000000,00000000), ref: 0013C4D6

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 77070f69f79e43ded9728a89ec0ad06caee79cfbc6eb1354fc5797721c6ac0ec
Instruction ID: 12977e47108a2d3fab2f400b44073ae6cec5187186421ada4887b37ee082251f
Opcode Fuzzy Hash: 77070f69f79e43ded9728a89ec0ad06caee79cfbc6eb1354fc5797721c6ac0ec
Instruction Fuzzy Hash: 39410C30704780DADB398B28CC9CB7A7B92AB55304F25841DE0C797DE0CBF59882D750

Uniqueness

Uniqueness Score: -1.00%

Function 00167368 Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 0016737F

Part of subcall function 00120FF6: std::exception::exception.LIBCMT ref: 0012102C
Part of subcall function 00120FF6: __CxxThrowException@8.LIBCMT ref: 00121041

ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 001673B6
EnterCriticalSection.KERNEL32(?), ref: 001673D2
_memmove.LIBCMT ref: 00167420
_memmove.LIBCMT ref: 0016743D
LeaveCriticalSection.KERNEL32(?), ref: 0016744C
ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00167461
InterlockedExchange.KERNEL32(?,000001F6), ref: 00167480

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
String ID:
API String ID: 256516436-0
Opcode ID: 76b411c8cf518e2455c55aa9ef74b71bb3dede966ba311be63ffe363ccd80310
Instruction ID: 1f35e2bc717628f69700e53524e5155495d134bcd4263e60932a3b2cc85a1948
Opcode Fuzzy Hash: 76b411c8cf518e2455c55aa9ef74b71bb3dede966ba311be63ffe363ccd80310
Instruction Fuzzy Hash: 14319031904215EBCF10DF64DD89AAFBB78FF44710B1441B9F904AB286DB30DA61CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00186442 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 0018645A
GetDC.USER32(00000000), ref: 00186462
GetDeviceCaps.GDI32(00000000,0000005A), ref: 0018646D
ReleaseDC.USER32(00000000,00000000), ref: 00186479
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 001864B5
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 001864C6
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00189299,?,?,000000FF,00000000,?,000000FF,?), ref: 00186500
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00186520

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 4531968358872a490a2aec96172846fd083ffec53de579c068b2392c22fee882
Instruction ID: 41c5af929cfb52d3b9441fcf936b26d67a72c56d1cef7095e327d7ebbd1845e9
Opcode Fuzzy Hash: 4531968358872a490a2aec96172846fd083ffec53de579c068b2392c22fee882
Instruction Fuzzy Hash: E7317F76201214BFEB119F50CC8AFEA3FA9EF09761F044169FE089A291D7759D82CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0015C072 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBCMT ref: 0015C087
_memcmp.LIBCMT ref: 0015C0A9
_memcmp.LIBCMT ref: 0015C0C1
_memcmp.LIBCMT ref: 0015C0D4
_memcmp.LIBCMT ref: 0015C0EE
_memcmp.LIBCMT ref: 0015C101
_memcmp.LIBCMT ref: 0015C119
_memcmp.LIBCMT ref: 0015C134

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: c795db144574f246cc2a125aeb29be550e77748d9369f653ad86a3588752261f
Instruction ID: 2a3ebbc0a49336b66c4e061c8819c9011b588f29f88bded14c672a6e15f6a500
Opcode Fuzzy Hash: c795db144574f246cc2a125aeb29be550e77748d9369f653ad86a3588752261f
Instruction Fuzzy Hash: 4721D475A00715FFDA14ED219C86FBF239CAF30396B080020FD159B6C2E7A1DE2986E5

Uniqueness

Uniqueness Score: -1.00%

Function 0016ED8E Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 323COMMON

Download Yara Rule

APIs

Part of subcall function 00109997: __itow.LIBCMT ref: 001099C2
Part of subcall function 00109997: __swprintf.LIBCMT ref: 00109A0C

Part of subcall function 0011FEC6: _wcscpy.LIBCMT ref: 0011FEE9

_wcstok.LIBCMT ref: 0016EEFF
_wcscpy.LIBCMT ref: 0016EF8E
_memset.LIBCMT ref: 0016EFC1

Strings

X, xrefs: 0016EFFE

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _wcscpy$__itow__swprintf_memset_wcstok
String ID: X
API String ID: 774024439-3081909835
Opcode ID: 49482afb11b80347fed91844d4aa29870c415aa8d22915728cfb661dd6f13c02
Instruction ID: 83527d73ec035b2c63cd53b58b8468a40595941400ac451c873210a1680a22ac
Opcode Fuzzy Hash: 49482afb11b80347fed91844d4aa29870c415aa8d22915728cfb661dd6f13c02
Instruction Fuzzy Hash: 90C18C716083009FC724EF24D995AAAB7E4BF95310F00496DF8D99B2E2DB70ED55CB82

Uniqueness

Uniqueness Score: -1.00%

Function 00101424 Relevance: 10.7, APIs: 7, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee248bbe0143d6d46620c5570de0a96671ff9c96c5f92e6c892a7605b678be0b
Instruction ID: cedd1763fd6464cf9c0c3541333fef7abdc0e77d692851221e1ccb1134db23a1
Opcode Fuzzy Hash: ee248bbe0143d6d46620c5570de0a96671ff9c96c5f92e6c892a7605b678be0b
Instruction Fuzzy Hash: 2C718C71900109FFCB04CF98CC89ABEBB79FF85314F208159F955AA291D778AA51CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00176E8A Relevance: 10.7, APIs: 7, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29dc8e88ffd392992b49f6ad4dbf908a14cf7846f0787d24cda097e2956484a0
Instruction ID: 2d2893bb2d948a420f4b6f5960f2dad40dbb230e865ad0c2a32bd9482f4a3f26
Opcode Fuzzy Hash: 29dc8e88ffd392992b49f6ad4dbf908a14cf7846f0787d24cda097e2956484a0
Instruction Fuzzy Hash: 2161E131508300ABD710EF24CC95E6FB7E9AF99714F50891CF5999B2E2DBB0AD44CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0018B60B Relevance: 10.7, APIs: 7, Instructions: 199windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(018660A8), ref: 0018B6A5
IsWindowEnabled.USER32(018660A8), ref: 0018B6B1
SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 0018B795
SendMessageW.USER32(018660A8,000000B0,?,?), ref: 0018B7CC
IsDlgButtonChecked.USER32(?,?), ref: 0018B809
GetWindowLongW.USER32(018660A8,000000EC), ref: 0018B82B
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 0018B843

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: cdec9201ad8275ffa3aaa0bf33afa744dd9468477502c630844c915db4ab6a21
Instruction ID: 8357cf2cb6f69e70751b1b64f2bd67e53ddf038c882c6695fcef2201281d35ac
Opcode Fuzzy Hash: cdec9201ad8275ffa3aaa0bf33afa744dd9468477502c630844c915db4ab6a21
Instruction Fuzzy Hash: D7719C74608304AFDB24AF64C8D4FAA7BB9FF99300F244469F946972A1D731AA81CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0017F732 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 177COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0017F75C
_memset.LIBCMT ref: 0017F825
ShellExecuteExW.SHELL32(?), ref: 0017F86A

Part of subcall function 00109997: __itow.LIBCMT ref: 001099C2
Part of subcall function 00109997: __swprintf.LIBCMT ref: 00109A0C

Part of subcall function 0011FEC6: _wcscpy.LIBCMT ref: 0011FEE9

GetProcessId.KERNEL32(00000000), ref: 0017F8E1
CloseHandle.KERNEL32(00000000), ref: 0017F910

Strings

@, xrefs: 0017F839

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
String ID: @
API String ID: 3522835683-2766056989
Opcode ID: f80436e39a64d901ab10e0468a53dabd34fef7fb82e663cb686dae765325448c
Instruction ID: 4b8b984b8ee02c24de5113af6d855c1479d5bc323a5ad20894b679bd0ec58aa9
Opcode Fuzzy Hash: f80436e39a64d901ab10e0468a53dabd34fef7fb82e663cb686dae765325448c
Instruction Fuzzy Hash: 8F618E75A00619DFCF14DF94C490AAEBBF5FF58310B14846DE89AAB391CB70AE41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0016145D Relevance: 10.7, APIs: 7, Instructions: 166windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 0016149C
GetKeyboardState.USER32(?), ref: 001614B1
SetKeyboardState.USER32(?), ref: 00161512
PostMessageW.USER32(?,00000101,00000010,?), ref: 00161540
PostMessageW.USER32(?,00000101,00000011,?), ref: 0016155F
PostMessageW.USER32(?,00000101,00000012,?), ref: 001615A5
PostMessageW.USER32(?,00000101,0000005B,?), ref: 001615C8

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: fc13de94523b2d62926b9050c0970e189089a69fa41d3829f5b67390d72faab8
Instruction ID: 7caa4f1ee4187c8351a0ef507d172a6224c38279f8a1afa3388a0165eb656a24
Opcode Fuzzy Hash: fc13de94523b2d62926b9050c0970e189089a69fa41d3829f5b67390d72faab8
Instruction Fuzzy Hash: 225100A1A043D53EFB364238CC45BBABEA96B46304F0C8589E5D6868D2C7D8ECE4D750

Uniqueness

Uniqueness Score: -1.00%

Function 00161276 Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 001612B5
GetKeyboardState.USER32(?), ref: 001612CA
SetKeyboardState.USER32(?), ref: 0016132B
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00161357
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00161374
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 001613B8
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 001613D9

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 370b868c7604fd92982046d06876c8eb6261b82a2988f19b565b605f84727a28
Instruction ID: b94921c649904326cbdccb0efaf9b5faeaf7a5c1d1d7034b8372ab33b6461e7b
Opcode Fuzzy Hash: 370b868c7604fd92982046d06876c8eb6261b82a2988f19b565b605f84727a28
Instruction Fuzzy Hash: 9C5114A19047D53DFB3287248C55BBABFA9AF06310F0C858DE1D586DC2D794ECA4E760

Uniqueness

Uniqueness Score: -1.00%

Function 0016589F Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 001658AC
_wcsncpy.LIBCMT ref: 001658E1
_wcsncpy.LIBCMT ref: 00165913
_wcsncpy.LIBCMT ref: 00165946
_wcsncpy.LIBCMT ref: 00165988
_wcsncpy.LIBCMT ref: 001659C2
_wcsncpy.LIBCMT ref: 001659F1

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _wcsncpy$LocalTime
String ID:
API String ID: 2945705084-0
Opcode ID: 228369f03015988c982303ef694b6d19cfd3fa5936fc2b309ad39f9e1b32cf2e
Instruction ID: 6da08bc3cd6b4eb3eb6c13acfe756010ea78f239980428baa7ba443a13a3d4f6
Opcode Fuzzy Hash: 228369f03015988c982303ef694b6d19cfd3fa5936fc2b309ad39f9e1b32cf2e
Instruction Fuzzy Hash: A241D465C20228B6CB10EBF4DC869DFB3A99F15310F508852F518E3121F734E764C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 001638AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 001648AA: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,001638D3,?), ref: 001648C7

Part of subcall function 001648AA: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,001638D3,?), ref: 001648E0

lstrcmpiW.KERNEL32(?,?), ref: 001638F3
_wcscmp.LIBCMT ref: 0016390F
MoveFileW.KERNEL32(?,?), ref: 00163927
_wcscat.LIBCMT ref: 0016396F
SHFileOperationW.SHELL32(?), ref: 001639DB

Strings

\*.*, xrefs: 00163969

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
String ID: \*.*
API String ID: 1377345388-1173974218
Opcode ID: d7cdfaa4d32493b8f2c5861e8528634f8a05cc7387bb07d3aa38178887882fbd
Instruction ID: d2199307fbb0dd0f45269a7cb904269feb576367cea1bc10c2aeb1062ed62b9c
Opcode Fuzzy Hash: d7cdfaa4d32493b8f2c5861e8528634f8a05cc7387bb07d3aa38178887882fbd
Instruction Fuzzy Hash: 0941A0724083449AC751EF64D8819EFB7ECAF98340F00082EF499C3251EB74D798CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00187500 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00187519
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 001875C0
IsMenu.USER32(?), ref: 001875D8
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00187620
DrawMenuBar.USER32 ref: 00187633

Strings

0, xrefs: 0018750D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert_memset
String ID: 0
API String ID: 3866635326-4108050209
Opcode ID: 6e9bc8683950428cf3b5294e383fcda89251cd8f9ff87537feea46956963cd3f
Instruction ID: da03746701382de8952887ba295f5201f6071ca574458a52c17504280224a84c
Opcode Fuzzy Hash: 6e9bc8683950428cf3b5294e383fcda89251cd8f9ff87537feea46956963cd3f
Instruction Fuzzy Hash: C3410875A04609EFDB10EF54D884E9ABBF8FF04314F248129E955A7690D730EE51CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0018122D Relevance: 10.6, APIs: 7, Instructions: 101registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 0018125C
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00181286
FreeLibrary.KERNEL32(00000000), ref: 0018133D

Part of subcall function 0018122D: RegCloseKey.ADVAPI32(?), ref: 001812A3
Part of subcall function 0018122D: FreeLibrary.KERNEL32(?), ref: 001812F5
Part of subcall function 0018122D: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00181318

RegDeleteKeyW.ADVAPI32(?,?), ref: 001812E0

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: EnumFreeLibrary$CloseDeleteOpen
String ID:
API String ID: 395352322-0
Opcode ID: 3104dd48f173a9aa3630bda36e86d20e57ccd0a8ea34450a00ef0481c59a4f7e
Instruction ID: 6677938d405175bce1e6ee2d71737ec21eef15f9d2acd4701f149b6dcf89748e
Opcode Fuzzy Hash: 3104dd48f173a9aa3630bda36e86d20e57ccd0a8ea34450a00ef0481c59a4f7e
Instruction Fuzzy Hash: B9311AB2901119BFDB14AB90DC89EFEB7BDEB08310F100169F905E2551EB749F869FA0

Uniqueness

Uniqueness Score: -1.00%

Function 0018653C Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 0018655B
GetWindowLongW.USER32(018660A8,000000F0), ref: 0018658E
GetWindowLongW.USER32(018660A8,000000F0), ref: 001865C3
SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 001865F5
SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 0018661F
GetWindowLongW.USER32(00000000,000000F0), ref: 00186630
SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0018664A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: c8872a1b3a5b0f1a8c5cb376a09b6d594945df5d9f74c28f64bcbae9a7b7c620
Instruction ID: ca3e6f7ebcecde5dd715010022ba6f157c268b3bdc1c3bc5d6bc3bef55b0067f
Opcode Fuzzy Hash: c8872a1b3a5b0f1a8c5cb376a09b6d594945df5d9f74c28f64bcbae9a7b7c620
Instruction Fuzzy Hash: A2310270604250AFDB209F18DC89F553BE1FB4A750F2902A8F5018B6B5CB61EE81DF41

Uniqueness

Uniqueness Score: -1.00%

Function 00176486 Relevance: 10.6, APIs: 7, Instructions: 94networkCOMMON

Download Yara Rule

APIs

Part of subcall function 001780A0: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 001780CB

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 001764D9
WSAGetLastError.WSOCK32(00000000), ref: 001764E8
ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00176521
connect.WSOCK32(00000000,?,00000010), ref: 0017652A
WSAGetLastError.WSOCK32 ref: 00176534
closesocket.WSOCK32(00000000), ref: 0017655D
ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00176576

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
String ID:
API String ID: 910771015-0
Opcode ID: aa576016a9666eb3f87abd08eac481757c00a1e917f2f73cca46278f752b33bb
Instruction ID: 720572ee4c17e94090e3be0459ad1c9407b0398d1b34f05b431341eb04f47d2a
Opcode Fuzzy Hash: aa576016a9666eb3f87abd08eac481757c00a1e917f2f73cca46278f752b33bb
Instruction Fuzzy Hash: B731E231600218AFDB10AF24CC89BBE7BBCEB45750F008069FD4AD7291CB70AD45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0015E0B5 Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0015E0FA
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0015E120
SysAllocString.OLEAUT32(00000000), ref: 0015E123
SysAllocString.OLEAUT32 ref: 0015E144
SysFreeString.OLEAUT32 ref: 0015E14D
StringFromGUID2.OLE32(?,?,00000028), ref: 0015E167
SysAllocString.OLEAUT32(?), ref: 0015E175

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: d2b8c21fa6a3b7faaad3d42adcc62358f8ea507549107624692e01bc696a8dc6
Instruction ID: e5e2fe4e7f2f3b13cd1541f7854c8ddbe9521ada6439a016ce4b4499d5ebd6cd
Opcode Fuzzy Hash: d2b8c21fa6a3b7faaad3d42adcc62358f8ea507549107624692e01bc696a8dc6
Instruction Fuzzy Hash: 56217475604508EF9B149FA8DCC8CAB77ECEB09761B108129FD65CB2A0DB70DD858B64

Uniqueness

Uniqueness Score: -1.00%

Function 0018783C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00101D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00101D73
Part of subcall function 00101D35: GetStockObject.GDI32(00000011), ref: 00101D87
Part of subcall function 00101D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00101D91

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 001878A1
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 001878AE
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 001878B9
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 001878C8
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 001878D4

Strings

Msctls_Progress32, xrefs: 00187872

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 28f8cfe31d13b0a87da3b80e447f869eaed8fea9f5175fda8a92072bbdbeba47
Instruction ID: 6cffb17015346e414972f1dbcdc2038b45cd2f98b0d5654a39916ed539bd7840
Opcode Fuzzy Hash: 28f8cfe31d13b0a87da3b80e447f869eaed8fea9f5175fda8a92072bbdbeba47
Instruction Fuzzy Hash: 9911B2B2114219BFEF159F60CC85EE77F6DEF09758F114114FA04A2090CB72AC21DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 001241C9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00124292,?), ref: 001241E3
GetProcAddress.KERNEL32(00000000), ref: 001241EA
EncodePointer.KERNEL32(00000000), ref: 001241F6
DecodePointer.KERNEL32(00000001,00124292,?), ref: 00124213

Strings

combase.dll, xrefs: 001241DE
RoInitialize, xrefs: 001241D2

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
String ID: RoInitialize$combase.dll
API String ID: 3489934621-340411864
Opcode ID: 5f3d34495ee34df7e784242e1376b2f37fe2aee5babdca0878e7428c6b6b0ee6
Instruction ID: 54e78df0a3d0e7782f1bda244c5aee42a750f14115267719da6606a05c06ccbc
Opcode Fuzzy Hash: 5f3d34495ee34df7e784242e1376b2f37fe2aee5babdca0878e7428c6b6b0ee6
Instruction Fuzzy Hash: 65E01AB0690300AFEF216BB1FC1DF043AE5B720B02F144428F891D58A0DBB5A1E6DF01

Uniqueness

Uniqueness Score: -1.00%

Function 0012429E Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,001241B8), ref: 001242B8
GetProcAddress.KERNEL32(00000000), ref: 001242BF
EncodePointer.KERNEL32(00000000), ref: 001242CA
DecodePointer.KERNEL32(001241B8), ref: 001242E5

Strings

combase.dll, xrefs: 001242B3
RoUninitialize, xrefs: 001242A7

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
String ID: RoUninitialize$combase.dll
API String ID: 3489934621-2819208100
Opcode ID: 4e07a68e394745bebf2be5580bbbe295d8323ac12742b812f4bc8f16822305c3
Instruction ID: ce0ffcdbac28f668db8f3fdead4861f1545205ea9e6e3086a62d6874dfaafa2f
Opcode Fuzzy Hash: 4e07a68e394745bebf2be5580bbbe295d8323ac12742b812f4bc8f16822305c3
Instruction Fuzzy Hash: 79E0B678695310EFEB209B61FD1DF453EA4B724B42F144028F441E19A0CBB4A6D5DB14

Uniqueness

Uniqueness Score: -1.00%

Function 0016675A Relevance: 9.2, APIs: 6, Instructions: 205COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 001668AD
_memmove.LIBCMT ref: 001667E8

Part of subcall function 00109997: __itow.LIBCMT ref: 001099C2
Part of subcall function 00109997: __swprintf.LIBCMT ref: 00109A0C

_memmove.LIBCMT ref: 0016685B
_memmove.LIBCMT ref: 00166942
_memmove.LIBCMT ref: 0016695B
_memmove.LIBCMT ref: 00166977

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memmove$__itow__swprintf
String ID:
API String ID: 3253778849-0
Opcode ID: 85db79b2357762b9e250be41096e75e0a8b11e2f4c8f4dceac26103551ccb84f
Instruction ID: ff94375e4e19e7bd0c3fe35b18bb8fa2ec92b1520ce787eba3d2afbd8fa1ca27
Opcode Fuzzy Hash: 85db79b2357762b9e250be41096e75e0a8b11e2f4c8f4dceac26103551ccb84f
Instruction Fuzzy Hash: DD61AC3050029AABCF15EF64CC92EFE37A9AF24308F054519FC955B1D2DB70AD25CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0018046F Relevance: 9.2, APIs: 6, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

Part of subcall function 001810A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00180038,?,?), ref: 001810BC

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00180548
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00180588
RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 001805AB
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 001805D4
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00180617
RegCloseKey.ADVAPI32(00000000), ref: 00180624

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
String ID:
API String ID: 4046560759-0
Opcode ID: 0b8cc1ba662d66ddaded2146bf3d54a9d7bf680846e799bb8cf8f3c971bef958
Instruction ID: ee8ad6bcde27c97f3656db2088fc91d188237fc48d747b3b7da500199c2f76c7
Opcode Fuzzy Hash: 0b8cc1ba662d66ddaded2146bf3d54a9d7bf680846e799bb8cf8f3c971bef958
Instruction Fuzzy Hash: 5B516A31608204AFCB15EB24C885E6FBBE9FF98314F04491DF495871A1DB71EA59CF52

Uniqueness

Uniqueness Score: -1.00%

Function 00185A20 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00185A82
GetMenuItemCount.USER32(00000000), ref: 00185AB9
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00185AE1
GetMenuItemID.USER32(?,?), ref: 00185B50
GetSubMenu.USER32(?,?), ref: 00185B5E
PostMessageW.USER32(?,00000111,?,00000000), ref: 00185BAF

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Menu$Item$CountMessagePostString
String ID:
API String ID: 650687236-0
Opcode ID: cdcdb42fea1c3ef50c87fc6df4ecc5514b0a5e35669a9835eb74feb3d2231c98
Instruction ID: 68f0328dba5feafc4e8767e532db3aa50eedc84ac20cbe99cef67a1a40254b8e
Opcode Fuzzy Hash: cdcdb42fea1c3ef50c87fc6df4ecc5514b0a5e35669a9835eb74feb3d2231c98
Instruction Fuzzy Hash: 2F516D35A00625EFCF15EFA4C885AAEB7B6EF58310F1044A9E851BB351DB70AF418F90

Uniqueness

Uniqueness Score: -1.00%

Function 0015F3DD Relevance: 9.2, APIs: 6, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 0015F3F7
VariantClear.OLEAUT32(00000013), ref: 0015F469
VariantClear.OLEAUT32(00000000), ref: 0015F4C4
_memmove.LIBCMT ref: 0015F4EE
VariantClear.OLEAUT32(?), ref: 0015F53B
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 0015F569

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType_memmove
String ID:
API String ID: 1101466143-0
Opcode ID: 8ab36695aa9775a507397567724f83560e5f81dfe32b7b11da3130066f598a10
Instruction ID: 6693ae5af0d4c95b2a94b12fe3a64938fce2996ebec895da699eccc4adbbe59f
Opcode Fuzzy Hash: 8ab36695aa9775a507397567724f83560e5f81dfe32b7b11da3130066f598a10
Instruction Fuzzy Hash: 32515C75A00209DFCB14CF58D884AAAB7B8FF4C354B15856DED59DB340E730E956CB60

Uniqueness

Uniqueness Score: -1.00%

Function 001626F9 Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00162747
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00162792
IsMenu.USER32(00000000), ref: 001627B2
CreatePopupMenu.USER32 ref: 001627E6
GetMenuItemCount.USER32(000000FF), ref: 00162844
InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00162875

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup_memset
String ID:
API String ID: 3311875123-0
Opcode ID: 3f06a8864280697647166a10dd0bd538106521a3a5e36741f222c62a45d31b85
Instruction ID: 68b323501d3c11b15ae4dd2972861fc40e216261ce5df43852b0819a2190c0d2
Opcode Fuzzy Hash: 3f06a8864280697647166a10dd0bd538106521a3a5e36741f222c62a45d31b85
Instruction Fuzzy Hash: C551C270A01B0AEFDF24CF68DC88BAEBBF9AF55314F108169E8119B2D1D7709964CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00101765 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00102612: GetWindowLongW.USER32(?,000000EB), ref: 00102623

BeginPaint.USER32(?,?,?,?,?,?), ref: 0010179A
GetWindowRect.USER32(?,?), ref: 001017FE
ScreenToClient.USER32(?,?), ref: 0010181B
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0010182C
EndPaint.USER32(?,?), ref: 00101876

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: PaintWindow$BeginClientLongRectScreenViewport
String ID:
API String ID: 1827037458-0
Opcode ID: 330f5ce1f380eba6dfe6276d4ad7a50cd9be29d3cdc1302595206ce7dfd193b5
Instruction ID: 6f813fdc8a88a4afce59a348ebb51258ad5760a9099b248663f1eee4fb992388
Opcode Fuzzy Hash: 330f5ce1f380eba6dfe6276d4ad7a50cd9be29d3cdc1302595206ce7dfd193b5
Instruction Fuzzy Hash: 9C41AB70104300AFD710DF24CC84FBA7BE8EB59724F144629FAA48B2E1D775D985DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0018B958 Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(001C67B0,00000000,018660A8,?,?,001C67B0,?,0018B862,?,?), ref: 0018B9CC
EnableWindow.USER32(00000000,00000000), ref: 0018B9F0
ShowWindow.USER32(001C67B0,00000000,018660A8,?,?,001C67B0,?,0018B862,?,?), ref: 0018BA50
ShowWindow.USER32(00000000,00000004,?,0018B862,?,?), ref: 0018BA62
EnableWindow.USER32(00000000,00000001), ref: 0018BA86
SendMessageW.USER32(?,0000130C,?,00000000), ref: 0018BAA9

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: c8885fdd22b7a36d1e0378bb09e6706df2a0086cfb19668415c5d854f225e7b9
Instruction ID: 7a3945eab673165078a2d8e79ccf19f62716b4d26119fefb872cafbeb07d0e4b
Opcode Fuzzy Hash: c8885fdd22b7a36d1e0378bb09e6706df2a0086cfb19668415c5d854f225e7b9
Instruction Fuzzy Hash: 12415E74608241EFDB26DF24C4C9B957BE1BF05314F1842B9FA588F6A2C731AA46CF51

Uniqueness

Uniqueness Score: -1.00%

Function 001773B1 Relevance: 9.1, APIs: 6, Instructions: 97COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,?,?,?,00175134,?,?,00000000,00000001), ref: 001773BF

Part of subcall function 00173C94: GetWindowRect.USER32(?,?), ref: 00173CA7

GetDesktopWindow.USER32 ref: 001773E9
GetWindowRect.USER32(00000000), ref: 001773F0
mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00177422

Part of subcall function 001654E6: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0016555E

GetCursorPos.USER32(?), ref: 0017744E
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 001774AC

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
String ID:
API String ID: 4137160315-0
Opcode ID: 260f4a052f39f1447cc5dcbc43dc0dd47df04e52e88256226f95b30ac3dffeab
Instruction ID: cd5f7c359519eec34447e02f4d75c5bfbd65ae9b5518cdc95ef511751e953ff4
Opcode Fuzzy Hash: 260f4a052f39f1447cc5dcbc43dc0dd47df04e52e88256226f95b30ac3dffeab
Instruction Fuzzy Hash: 2B31D272508305ABD720DF14DC49E9BBBEAFF98314F004919F589A7191DB30EA59CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00158D5B Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 001585F1: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00158608
Part of subcall function 001585F1: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00158612
Part of subcall function 001585F1: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00158621
Part of subcall function 001585F1: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00158628
Part of subcall function 001585F1: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0015863E

GetLengthSid.ADVAPI32(?,00000000,00158977), ref: 00158DAC
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00158DB8
HeapAlloc.KERNEL32(00000000), ref: 00158DBF
CopySid.ADVAPI32(00000000,00000000,?), ref: 00158DD8
GetProcessHeap.KERNEL32(00000000,00000000,00158977), ref: 00158DEC
HeapFree.KERNEL32(00000000), ref: 00158DF3

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: d741e7b6a8001b635c87bb5b010707f4ace3108f009e36471c19a9a3bfbf9d1b
Instruction ID: fed42328d0e97bfc22f20696468a42fb1160735729d7084bd20284acc2ffab98
Opcode Fuzzy Hash: d741e7b6a8001b635c87bb5b010707f4ace3108f009e36471c19a9a3bfbf9d1b
Instruction Fuzzy Hash: E211AC71500605FFDB149FA4CC49BBE7BBAEF55316F10402DF855AB290DB329A49CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00158AF9 Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00158B2A
OpenProcessToken.ADVAPI32(00000000), ref: 00158B31
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00158B40
CloseHandle.KERNEL32(00000004), ref: 00158B4B
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00158B7A
DestroyEnvironmentBlock.USERENV(00000000), ref: 00158B8E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: 09e2907bae0bde1a2c194235152f269695aa63f634d73d60c783b9d197b42ef7
Instruction ID: 6c6c7253948a1c513dfdd8dbb1e37063ca1664185a5683cd3c1710e20883516c
Opcode Fuzzy Hash: 09e2907bae0bde1a2c194235152f269695aa63f634d73d60c783b9d197b42ef7
Instruction Fuzzy Hash: CF115CB2600249EFDF018FA4DD49FDA7BADEF08305F144068FE04A6160C7758E65EB60

Uniqueness

Uniqueness Score: -1.00%

Function 0018C19A Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 001012F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0010134D
Part of subcall function 001012F3: SelectObject.GDI32(?,00000000), ref: 0010135C
Part of subcall function 001012F3: BeginPath.GDI32(?), ref: 00101373
Part of subcall function 001012F3: SelectObject.GDI32(?,00000000), ref: 0010139C

MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 0018C1C4
LineTo.GDI32(00000000,00000003,?), ref: 0018C1D8
MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0018C1E6
LineTo.GDI32(00000000,00000000,?), ref: 0018C1F6
EndPath.GDI32(00000000), ref: 0018C206
StrokePath.GDI32(00000000), ref: 0018C216

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: a608394f8776554d21e7c11e9375bf916e5237ce97bb8242ce4f984c61cb7e0f
Instruction ID: a66920b2d675795ed6dc142a598f23f6c149e6b038dff0a79b88d4c286b4fd1a
Opcode Fuzzy Hash: a608394f8776554d21e7c11e9375bf916e5237ce97bb8242ce4f984c61cb7e0f
Instruction Fuzzy Hash: 00111B7640010CBFDF119F90DC88FAA7FADEB08354F048025BA184A5A1C7719E95DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 001203A2 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 001203D3
MapVirtualKeyW.USER32(00000010,00000000), ref: 001203DB
MapVirtualKeyW.USER32(000000A0,00000000), ref: 001203E6
MapVirtualKeyW.USER32(000000A1,00000000), ref: 001203F1
MapVirtualKeyW.USER32(00000011,00000000), ref: 001203F9
MapVirtualKeyW.USER32(00000012,00000000), ref: 00120401

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: ecc1c50ad56c152c95a5f273f10a71e11c6a5cbbdafd59ff76fc506a7ea13f6b
Instruction ID: 3a5b3b6abc3211033bded7833d2f52598a50a95246d326b033a52104302388fa
Opcode Fuzzy Hash: ecc1c50ad56c152c95a5f273f10a71e11c6a5cbbdafd59ff76fc506a7ea13f6b
Instruction Fuzzy Hash: AB016CB09017597DE3008F5A8C85B52FFA8FF19354F00411FA15C87941C7F5A864CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 0016568B Relevance: 9.0, APIs: 6, Instructions: 43windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 0016569B
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 001656B1
GetWindowThreadProcessId.USER32(?,?), ref: 001656C0
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 001656CF
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 001656D9
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 001656E0

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 0adb9a6a350f76fa9800bd7c4ee0adc804fa42bdc4c6ebf5c26eb8c1297b5354
Instruction ID: 15e979d5dd050292158a920ca4aa729bd415fbe2bb19011983e54e5f8a9cbe69
Opcode Fuzzy Hash: 0adb9a6a350f76fa9800bd7c4ee0adc804fa42bdc4c6ebf5c26eb8c1297b5354
Instruction Fuzzy Hash: 4DF01D32241158BBE7215BA2DC0DEEB7A7CEFCAB11F00026DFA04D1450E7A11B52C7B5

Uniqueness

Uniqueness Score: -1.00%

Function 001674D2 Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,?), ref: 001674E5
EnterCriticalSection.KERNEL32(?,?,00111044,?,?), ref: 001674F6
TerminateThread.KERNEL32(00000000,000001F6,?,00111044,?,?), ref: 00167503
WaitForSingleObject.KERNEL32(00000000,000003E8,?,00111044,?,?), ref: 00167510

Part of subcall function 00166ED7: CloseHandle.KERNEL32(00000000,?,0016751D,?,00111044,?,?), ref: 00166EE1

InterlockedExchange.KERNEL32(?,000001F6), ref: 00167523
LeaveCriticalSection.KERNEL32(?,?,00111044,?,?), ref: 0016752A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: 94ee2e91d33539ef183e2c4994cc6529267d30b472d48f5e5cc442ad9e1313b3
Instruction ID: 8b5280ef47b9dc8200de85eda7a0bd2a8bbb2fc21d9ae5a40a04f09dd377b44b
Opcode Fuzzy Hash: 94ee2e91d33539ef183e2c4994cc6529267d30b472d48f5e5cc442ad9e1313b3
Instruction Fuzzy Hash: FBF05E3A140612EBDB111B64FC8C9EB772AEF45312F10057AF203918B0DB759AA2CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00158E74 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00158E7F
UnloadUserProfile.USERENV(?,?), ref: 00158E8B
CloseHandle.KERNEL32(?), ref: 00158E94
CloseHandle.KERNEL32(?), ref: 00158E9C
GetProcessHeap.KERNEL32(00000000,?), ref: 00158EA5
HeapFree.KERNEL32(00000000), ref: 00158EAC

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: c5ad9f5a92342d20b40b20fa928379830b4c3092e1e060f650aa74333dd6169d
Instruction ID: 9657344a33dea905542b4ef84223b81e2a14e473641811dad4dd6a5689060a52
Opcode Fuzzy Hash: c5ad9f5a92342d20b40b20fa928379830b4c3092e1e060f650aa74333dd6169d
Instruction Fuzzy Hash: 64E0C236004001FBDA011FE1EC0C90ABB69FB89322B108238F219C1874CB3295A2DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00178902 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 225COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00178928
CharUpperBuffW.USER32(?,?), ref: 00178A37
VariantClear.OLEAUT32(?), ref: 00178BAF

Part of subcall function 00167804: VariantInit.OLEAUT32(00000000), ref: 00167844
Part of subcall function 00167804: VariantCopy.OLEAUT32(00000000,?), ref: 0016784D
Part of subcall function 00167804: VariantClear.OLEAUT32(00000000), ref: 00167859

Strings

AUTOIT.ERROR, xrefs: 00178A3D
Incorrect Parameter format, xrefs: 00178960, 00178B22

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4237274167-1221869570
Opcode ID: 4e180e11f7b56ba8cabcd48cd0134adbc1221300efade7fce4f4850c8f5c0ad9
Instruction ID: 767366cf86feb644bf7e5c4ed96b0b80a438b256ee52484824db5d474aaff99c
Opcode Fuzzy Hash: 4e180e11f7b56ba8cabcd48cd0134adbc1221300efade7fce4f4850c8f5c0ad9
Instruction Fuzzy Hash: 4C915C71648301DFCB14DF24C48495ABBF4EF99314F14896EF89A8B3A2DB31E945CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00162F86 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0011FEC6: _wcscpy.LIBCMT ref: 0011FEE9

_memset.LIBCMT ref: 00163077
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 001630A6
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00163159
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00163187

Strings

0, xrefs: 00163063

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ItemMenu$Info$Default_memset_wcscpy
String ID: 0
API String ID: 4152858687-4108050209
Opcode ID: 7a4a96840c47b7b9479d2ada47b1cda6b0f877a6676bf27b20e8dfa1a02c0a77
Instruction ID: 83c967a63fa662374336716079602939072ac3854c49f4800cd2ada0344531d0
Opcode Fuzzy Hash: 7a4a96840c47b7b9479d2ada47b1cda6b0f877a6676bf27b20e8dfa1a02c0a77
Instruction Fuzzy Hash: 6B51B1316083009FD7299F28DC45A6BB7E8EF66320F04492DF8A5D31D1DB70CE648792

Uniqueness

Uniqueness Score: -1.00%

Function 0015DA5D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0015DAC5
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0015DAFB
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0015DB0C
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 0015DB8E

Strings

DllGetClassObject, xrefs: 0015DB01

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: 991dacdb1cdd26f0d7837d20c916f6705b02e64c77735581cad20dbfe3f1171c
Instruction ID: ebfcde7a3a3405610c5764eb37742a0c9b4dd46699b1578a9cbd5d5834763843
Opcode Fuzzy Hash: 991dacdb1cdd26f0d7837d20c916f6705b02e64c77735581cad20dbfe3f1171c
Instruction Fuzzy Hash: EA4193B1600208EFDB25CF54D884AAA7BFAEF45311F1680ADED159F205D7B1DE48CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00162C42 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00162CAF
GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00162CCB
DeleteMenu.USER32(?,00000007,00000000), ref: 00162D11
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,001C6890,00000000), ref: 00162D5A

Strings

0, xrefs: 00162CA4

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Menu$Delete$InfoItem_memset
String ID: 0
API String ID: 1173514356-4108050209
Opcode ID: 0e78f9c81a06d61346d2c824805b9272423409a53991eded6d97b0c4d5e6bced
Instruction ID: 5f6f76e1537ce892dfc4a90f5d1d26d951e1413619a79a31b947c54f836ff2f7
Opcode Fuzzy Hash: 0e78f9c81a06d61346d2c824805b9272423409a53991eded6d97b0c4d5e6bced
Instruction Fuzzy Hash: A941BF302057029FD724DF64CC44B5ABBE8EF85320F14466DF9A5972E1D770E925CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0017DAB9 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 101COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0017DAD9

Part of subcall function 001079AB: _memmove.LIBCMT ref: 001079F9

Strings

none, xrefs: 0017DBB4
stdcall, xrefs: 0017DB5B
cdecl, xrefs: 0017DB30
winapi, xrefs: 0017DB4A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: BuffCharLower_memmove
String ID: cdecl$none$stdcall$winapi
API String ID: 3425801089-567219261
Opcode ID: 739167898504be389a44f6c6759cc4076e08d150f46c570d6186ac209d2c8351
Instruction ID: 3e76a271b4805108967fcc25a319c0cc10ea341b269e0c3232f3a91947f75eba
Opcode Fuzzy Hash: 739167898504be389a44f6c6759cc4076e08d150f46c570d6186ac209d2c8351
Instruction Fuzzy Hash: B931947050461DEFCF10EF94DC819EEB3B4FF19320B108629E869A76D2DB71A906CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00159372 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

Part of subcall function 0015B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0015B0E7

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 001593F6
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00159409
SendMessageW.USER32(?,00000189,?,00000000), ref: 00159439

Part of subcall function 00107D2C: _memmove.LIBCMT ref: 00107D66

Strings

ComboBox, xrefs: 00159380
ListBox, xrefs: 001593B5

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$_memmove$ClassName
String ID: ComboBox$ListBox
API String ID: 365058703-1403004172
Opcode ID: 447bbfd789564b2c2b35ed3c3c4150942e2859dc853aa660db3d88b6d54ac48b
Instruction ID: 9872cc2120e002097029b8c7efdf1c24b746b01ce810823e7a12708f72390ab9
Opcode Fuzzy Hash: 447bbfd789564b2c2b35ed3c3c4150942e2859dc853aa660db3d88b6d54ac48b
Instruction Fuzzy Hash: 3E21D0B1940108EBDB18ABB0DC858FFB778DF55360B204229F9359B2E1DB751E4A9A60

Uniqueness

Uniqueness Score: -1.00%

Function 00171B21 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00171B40
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00171B66
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00171B96
InternetCloseHandle.WININET(00000000), ref: 00171BDD

Part of subcall function 00172777: GetLastError.KERNEL32(?,?,00171B0B,00000000,00000000,00000001), ref: 0017278C
Part of subcall function 00172777: SetEvent.KERNEL32(?,?,00171B0B,00000000,00000000,00000001), ref: 001727A1

Strings

, xrefs: 00171B87

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: a45ef1096c22c9be76c23d394a4c4580d7e68c79022bed9276ac3a9fb1d64685
Instruction ID: c28208fa57b4b3097c2013b5276c3bd038bbf75be3734b26e4e8b35ba94cf914
Opcode Fuzzy Hash: a45ef1096c22c9be76c23d394a4c4580d7e68c79022bed9276ac3a9fb1d64685
Instruction Fuzzy Hash: 5421CFB1600208BFEB119F689C85EBF76FCEB99744F10812EF409A7240EB349E459761

Uniqueness

Uniqueness Score: -1.00%

Function 00186656 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00101D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00101D73
Part of subcall function 00101D35: GetStockObject.GDI32(00000011), ref: 00101D87
Part of subcall function 00101D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00101D91

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 001866D0
LoadLibraryW.KERNEL32(?), ref: 001866D7
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 001866EC
DestroyWindow.USER32(?), ref: 001866F4

Strings

SysAnimate32, xrefs: 001866AB

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
String ID: SysAnimate32
API String ID: 4146253029-1011021900
Opcode ID: 49a4ce08534af00c13e535cf438c0a4b83431ddec4c765c4ef2aa387250f9da4
Instruction ID: f3fba3988c79e5733fa089f9ce5334b779f2ce85fc3a8be89bb9b316c626864f
Opcode Fuzzy Hash: 49a4ce08534af00c13e535cf438c0a4b83431ddec4c765c4ef2aa387250f9da4
Instruction Fuzzy Hash: 2E21AE71200246BFEF106F64EC80EBB37ADEF59368F604629F91092190E7B1CE919B60

Uniqueness

Uniqueness Score: -1.00%

Function 0016703E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 0016705E
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00167091
GetStdHandle.KERNEL32(0000000C), ref: 001670A3
CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 001670DD

Strings

nul, xrefs: 001670D8

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CreateHandle$FilePipe
String ID: nul
API String ID: 4209266947-2873401336
Opcode ID: 0cad3d97b2c27259bac69c42a0d4bd6e6d1d46692b82285ce9b2fdaae4fde4bd
Instruction ID: 9ef2f55786da13fc505e94ca98224c6c1f58c276e4e4dc189335445086b96fc9
Opcode Fuzzy Hash: 0cad3d97b2c27259bac69c42a0d4bd6e6d1d46692b82285ce9b2fdaae4fde4bd
Instruction Fuzzy Hash: C3217175504309ABDF209F38DC05AAAB7B8BF56728F204A19FCA1D72D0E771D961CB60

Uniqueness

Uniqueness Score: -1.00%

Function 0016710C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 0016712B
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 0016715D
GetStdHandle.KERNEL32(000000F6), ref: 0016716E
CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 001671A8

Strings

nul, xrefs: 001671A3

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CreateHandle$FilePipe
String ID: nul
API String ID: 4209266947-2873401336
Opcode ID: e4baf60f300f5eee9bc03a8b6b82b03c958b7cca9f1a01977a44de36691710be
Instruction ID: fe3a34891264cda035fb1c96675cb53386a586689eff817e9b451cd619e204b7
Opcode Fuzzy Hash: e4baf60f300f5eee9bc03a8b6b82b03c958b7cca9f1a01977a44de36691710be
Instruction Fuzzy Hash: BA219575504305ABDF209F68DC04AAAB7E8AF56738F20071AFDB1D72D0D7709961CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0016AEAB Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 0016AEBF
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 0016AF13
__swprintf.LIBCMT ref: 0016AF2C
SetErrorMode.KERNEL32(00000000,00000001,00000000,0018F910), ref: 0016AF6A

Strings

%lu, xrefs: 0016AF26

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ErrorMode$InformationVolume__swprintf
String ID: %lu
API String ID: 3164766367-685833217
Opcode ID: 5817eb209876e5308e7887a5d1586ed2199d154775b04ad2ec1401b59ee4c96c
Instruction ID: fb56e0eef8ea8369babf49a9f721e165cbcecda916653d1b0b7f6d50f20e9ea4
Opcode Fuzzy Hash: 5817eb209876e5308e7887a5d1586ed2199d154775b04ad2ec1401b59ee4c96c
Instruction Fuzzy Hash: F4215330A00109AFCB10EF64DD85DAE7BB8EF89714B1040A9F909EB252DB71EA55CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0015A52F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00107D2C: _memmove.LIBCMT ref: 00107D66

Part of subcall function 0015A37C: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0015A399
Part of subcall function 0015A37C: GetWindowThreadProcessId.USER32(?,00000000), ref: 0015A3AC
Part of subcall function 0015A37C: GetCurrentThreadId.KERNEL32 ref: 0015A3B3
Part of subcall function 0015A37C: AttachThreadInput.USER32(00000000), ref: 0015A3BA

GetFocus.USER32 ref: 0015A554

Part of subcall function 0015A3C5: GetParent.USER32(?), ref: 0015A3D3

GetClassNameW.USER32(?,?,00000100), ref: 0015A59D
EnumChildWindows.USER32(?,0015A615), ref: 0015A5C5
__swprintf.LIBCMT ref: 0015A5DF

Strings

%s%d, xrefs: 0015A5D9

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
String ID: %s%d
API String ID: 1941087503-1110647743
Opcode ID: 4526aa1f0933f3055319512d00f151fe8a58db839a714397e956016f1d88af74
Instruction ID: 85894a36dac8ca482eb622038f5be8c76c4fa52200ca3ed02a6fec3e7ff50854
Opcode Fuzzy Hash: 4526aa1f0933f3055319512d00f151fe8a58db839a714397e956016f1d88af74
Instruction Fuzzy Hash: 4311D271680208ABDF10BFA0DC85FEA3778AF58711F004179FD18AE092DB705A8A8B31

Uniqueness

Uniqueness Score: -1.00%

Function 00162017 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 49COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00162048

Strings

APPEND, xrefs: 00162081
EXISTS, xrefs: 00162070
REMOVE, xrefs: 0016204E
KEYS, xrefs: 0016205F

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 3964851224-769500911
Opcode ID: 2ba97215894afcc85e269cf99e0f7501cab728ca1fc389c6b31b052a4199420b
Instruction ID: f68249d10c44b63922dc9dedaab6c542243d7e30851be852d85caf4138a6a9cc
Opcode Fuzzy Hash: 2ba97215894afcc85e269cf99e0f7501cab728ca1fc389c6b31b052a4199420b
Instruction Fuzzy Hash: 93112D30E1011EDFCF40EFA4D9914EEB7B4FF29304B508569E855A7292EB326916CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0017EE69 Relevance: 7.7, APIs: 5, Instructions: 247COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0017EF1B
GetProcessIoCounters.KERNEL32(00000000,?), ref: 0017EF4B
GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 0017F07E
CloseHandle.KERNEL32(?), ref: 0017F0FF

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Process$CloseCountersHandleInfoMemoryOpen
String ID:
API String ID: 2364364464-0
Opcode ID: e8ef8cd4968854f86e859c00717f5bae70262aafa35c7ceee24ff314954beebd
Instruction ID: 8f0db78c354ff45aa18255fd319c141ef196e09d220ce60e6490c2c7f755bfd9
Opcode Fuzzy Hash: e8ef8cd4968854f86e859c00717f5bae70262aafa35c7ceee24ff314954beebd
Instruction Fuzzy Hash: 2A8180716047109FD720DF28C896F2AB7E5AF58720F04885DF999DB3D2DBB0AC418B91

Uniqueness

Uniqueness Score: -1.00%

Function 001802C2 Relevance: 7.6, APIs: 5, Instructions: 144registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

Part of subcall function 001810A5: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00180038,?,?), ref: 001810BC

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00180388
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 001803C7
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 0018040E
RegCloseKey.ADVAPI32(?,?), ref: 0018043A
RegCloseKey.ADVAPI32(00000000), ref: 00180447

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
String ID:
API String ID: 3440857362-0
Opcode ID: e886a481ca69f5698f23a3e0ed073f8394f4ecfd691ab06609e221f4512cca6e
Instruction ID: 2d84769d5a36fb81327d314df1182f45283d0514c86a9d771ba3dae5f70507e9
Opcode Fuzzy Hash: e886a481ca69f5698f23a3e0ed073f8394f4ecfd691ab06609e221f4512cca6e
Instruction Fuzzy Hash: 7D516C31208204AFD705EF64C891E6EB7E9FF98304F44892DF595872A2DB70EA49CF52

Uniqueness

Uniqueness Score: -1.00%

Function 0016E7DC Relevance: 7.6, APIs: 5, Instructions: 135COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 0016E88A
GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 0016E8B3
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0016E8F2

Part of subcall function 00109997: __itow.LIBCMT ref: 001099C2
Part of subcall function 00109997: __swprintf.LIBCMT ref: 00109A0C

WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 0016E917
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0016E91F

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
String ID:
API String ID: 1389676194-0
Opcode ID: 019b05468753c6714502e0fabbb271f7e5f8f29461f515edc70807e9261f7031
Instruction ID: bc20372f65d844ee1751dba8ac9e0a908ddfd60d43d8e4036c6d9038f8d3b858
Opcode Fuzzy Hash: 019b05468753c6714502e0fabbb271f7e5f8f29461f515edc70807e9261f7031
Instruction Fuzzy Hash: 1F510D35A00215DFCF01EF64C9919AEBBF5FF18314B148099E849AB3A2DB71ED51DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0018A2C5 Relevance: 7.6, APIs: 5, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 590e3d8fb0060cbeff68ea3a7f93002c600370f9e9b3f228450fdf8f4f728198
Instruction ID: 5247018ed8be52bffd6c3f447195d5daa53ecd83defec36626abb55ae9d5d6de
Opcode Fuzzy Hash: 590e3d8fb0060cbeff68ea3a7f93002c600370f9e9b3f228450fdf8f4f728198
Instruction Fuzzy Hash: A341D235900204ABE724EB28CC48FA9BBA4FF09310F950166FD55A72E1D770AF81DF51

Uniqueness

Uniqueness Score: -1.00%

Function 00102344 Relevance: 7.6, APIs: 5, Instructions: 111keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00102357
ScreenToClient.USER32(001C67B0,?), ref: 00102374
GetAsyncKeyState.USER32(00000001), ref: 00102399
GetAsyncKeyState.USER32(00000002), ref: 001023A7

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 7643e6a9e0d36953cb2d5ef4182897d90b1389d55251e54334b922e263fbbee8
Instruction ID: ffb082fafcb81cede9952614da8d8ea470acd689a13e32a38bc3b9d2cff4ab7a
Opcode Fuzzy Hash: 7643e6a9e0d36953cb2d5ef4182897d90b1389d55251e54334b922e263fbbee8
Instruction Fuzzy Hash: 7B418231604119FBDF199F68C848AEEFB74FB19320F20431AF869A62D0C7745A94DF91

Uniqueness

Uniqueness Score: -1.00%

Function 00156920 Relevance: 7.6, APIs: 5, Instructions: 97windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0015695D
TranslateAcceleratorW.USER32(?,?,?), ref: 001569A9
TranslateMessage.USER32(?), ref: 001569D2
DispatchMessageW.USER32(?), ref: 001569DC
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 001569EB

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Message$PeekTranslate$AcceleratorDispatch
String ID:
API String ID: 2108273632-0
Opcode ID: e9e58acc7884856906a4dc61b36d3858fc41c0508ee071ed1aaa1160ec09c4d3
Instruction ID: b5059e305b78a8f2fceb5b1f136fa4171527876626a565deaad47a99b7f89008
Opcode Fuzzy Hash: e9e58acc7884856906a4dc61b36d3858fc41c0508ee071ed1aaa1160ec09c4d3
Instruction Fuzzy Hash: 6A31E231904246EEDB208F74CC44FB6BBA8AB1530AFA04169E831DB4A1E730D88DD7D0

Uniqueness

Uniqueness Score: -1.00%

Function 00158F01 Relevance: 7.6, APIs: 5, Instructions: 89sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00158F12
PostMessageW.USER32(?,00000201,00000001), ref: 00158FBC
Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00158FC4
PostMessageW.USER32(?,00000202,00000000), ref: 00158FD2
Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00158FDA

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 34fc14e7656f0e42d500a8f15d61b9efd3f03c683addfc31181129c32fa2165a
Instruction ID: 6c2b996a1aba830781e0b55aab6f32c80db6980c0fabb69e77f318a64b29faf0
Opcode Fuzzy Hash: 34fc14e7656f0e42d500a8f15d61b9efd3f03c683addfc31181129c32fa2165a
Instruction Fuzzy Hash: 5231CE71500219EFDB14CF68DD4CAAE7BB6EB08316F10422AFD25EA1D0C7B09A58DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0015B6AF Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 0015B6C7
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0015B6E4
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0015B71C
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0015B742
_wcsstr.LIBCMT ref: 0015B74C

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
String ID:
API String ID: 3902887630-0
Opcode ID: 2acec10a29b8b7e479f32fd10a82480961a96aff92d064aebd466a72082bd20a
Instruction ID: b2e6fd59262503cda981865e98adfe12313c887c37bc7550aac47399a4bf0c61
Opcode Fuzzy Hash: 2acec10a29b8b7e479f32fd10a82480961a96aff92d064aebd466a72082bd20a
Instruction Fuzzy Hash: F9210731208244FBEB255B39AC89E7B7B98DF49711F10412DFC05CE1A1FB61CC4193A0

Uniqueness

Uniqueness Score: -1.00%

Function 0018B405 Relevance: 7.6, APIs: 5, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 00102612: GetWindowLongW.USER32(?,000000EB), ref: 00102623

GetWindowLongW.USER32(?,000000F0), ref: 0018B44C
SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 0018B471
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0018B489
GetSystemMetrics.USER32(00000004), ref: 0018B4B2
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00171184,00000000), ref: 0018B4D0

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$Long$MetricsSystem
String ID:
API String ID: 2294984445-0
Opcode ID: 70634cd65f06573fb6cb26332c66ca25b26dc4ecd668d3bea5e1fc640d2a736e
Instruction ID: 5b23abb2e52823e002345650b658206b8e718ef69d0add4d2afa99733963b750
Opcode Fuzzy Hash: 70634cd65f06573fb6cb26332c66ca25b26dc4ecd668d3bea5e1fc640d2a736e
Instruction Fuzzy Hash: 04219F31918615AFCB14AF388C89A6A3BA4FB05720F254738F927D25E2E7309A51DF80

Uniqueness

Uniqueness Score: -1.00%

Function 001597E9 Relevance: 7.6, APIs: 5, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00159802

Part of subcall function 00107D2C: _memmove.LIBCMT ref: 00107D66

SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00159834
__itow.LIBCMT ref: 0015984C
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00159874
__itow.LIBCMT ref: 00159885

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$__itow$_memmove
String ID:
API String ID: 2983881199-0
Opcode ID: 537641c928081bce655ff2ea94dcb51b31311b11df69d505c50099ed3c2eb6d7
Instruction ID: e28b3fc9e9fb10e8bb08b90ca3e413c83940165273026233bfdf1600355b0f90
Opcode Fuzzy Hash: 537641c928081bce655ff2ea94dcb51b31311b11df69d505c50099ed3c2eb6d7
Instruction Fuzzy Hash: E521C871B00208EBDF109A65CC86EEE7BA9EF59721F140029FD14DF291D7B09D4987D2

Uniqueness

Uniqueness Score: -1.00%

Function 001012F3 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0010134D
SelectObject.GDI32(?,00000000), ref: 0010135C
BeginPath.GDI32(?), ref: 00101373
SelectObject.GDI32(?,00000000), ref: 0010139C

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: cba3d0b1a318c950083730bf3f49729d6193546707300e3aa2fbc0fd3796abe8
Instruction ID: f4dd3ee78aaf7b698ccc3b87d8cc8c59cbaaf29a833da131be3066b1139128b6
Opcode Fuzzy Hash: cba3d0b1a318c950083730bf3f49729d6193546707300e3aa2fbc0fd3796abe8
Instruction Fuzzy Hash: 8F213D71800308EFDB119F25DC08B697FB9FB00321F54822AF8509A9E0D7B9D9D6DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0015C161 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBCMT ref: 0015C176
_memcmp.LIBCMT ref: 0015C194
_memcmp.LIBCMT ref: 0015C1A7
_memcmp.LIBCMT ref: 0015C1BF
_memcmp.LIBCMT ref: 0015C1D7

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 97042eff3b8ea98dba4790e55f62978ac6018e2ca2cadb593d0bf2e3f251724c
Instruction ID: c6005fd452131a4188615f11dbea2c19c42f9a5150b4ae02c9adfcb2f9d9f231
Opcode Fuzzy Hash: 97042eff3b8ea98dba4790e55f62978ac6018e2ca2cadb593d0bf2e3f251724c
Instruction Fuzzy Hash: 6C01B5B1A44715FFE604EA209C86FAF779C9B31395F444021FD149A283EBA0EE25C3E1

Uniqueness

Uniqueness Score: -1.00%

Function 00164D35 Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00164D5C
__beginthreadex.LIBCMT ref: 00164D7A
MessageBoxW.USER32(?,?,?,?), ref: 00164D8F
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00164DA5
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00164DAC

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
String ID:
API String ID: 3824534824-0
Opcode ID: b6713742bb572285c521214f510c84095e2164711901d56759f77ad1daa51d96
Instruction ID: c8db491483373a0914c623ae5b48eb39aa1a0a3fcc2188fcec47651297f0f166
Opcode Fuzzy Hash: b6713742bb572285c521214f510c84095e2164711901d56759f77ad1daa51d96
Instruction Fuzzy Hash: 171104B6D04208BBC7119BA8DC08EDA7FACEB95320F144369F915D3650D775CD9087A0

Uniqueness

Uniqueness Score: -1.00%

Function 0015874A Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00158766
GetLastError.KERNEL32(?,0015822A,?,?,?), ref: 00158770
GetProcessHeap.KERNEL32(00000008,?,?,0015822A,?,?,?), ref: 0015877F
HeapAlloc.KERNEL32(00000000,?,0015822A,?,?,?), ref: 00158786
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 0015879D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: cc55fa79d32d28b97d5361fa79ce4a40b4850b0afa1fe2fb420b7a4cfc1bc7ea
Instruction ID: c224878e72b6ca5a22e9b944543898a2d46dcb1a3294af158a42acd4dce13a20
Opcode Fuzzy Hash: cc55fa79d32d28b97d5361fa79ce4a40b4850b0afa1fe2fb420b7a4cfc1bc7ea
Instruction Fuzzy Hash: 75014B71200608EFDB204FA6DC88D6BBBADFF897567200569FC49D6260DB718D55CB60

Uniqueness

Uniqueness Score: -1.00%

Function 001654E6 Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00165502
QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00165510
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00165518
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00165522
Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0016555E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: 795f2a60a4415da376c0705ed6901ec63ebca7ddaefb4e8939ffd593bca30531
Instruction ID: 20de50155518ff426b9d544973600cbcb77f83bd1de9ace9147305e426e5ceef
Opcode Fuzzy Hash: 795f2a60a4415da376c0705ed6901ec63ebca7ddaefb4e8939ffd593bca30531
Instruction Fuzzy Hash: 28013931C04A29DBCF009FE8EC8D5EDBB7ABB09711F01045AE902F2550DB3096A087A1

Uniqueness

Uniqueness Score: -1.00%

Function 00157652 Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0015758C,80070057,?,?,?,0015799D), ref: 0015766F
ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0015758C,80070057,?,?), ref: 0015768A
lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0015758C,80070057,?,?), ref: 00157698
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0015758C,80070057,?), ref: 001576A8
CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,0015758C,80070057,?,?), ref: 001576B4

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: c377f82476e62645c05dab69b17333f417e2bf6efa8ade9302811f2a17a87bb4
Instruction ID: d403a197625921b815faf26b63a518bf3de0612afa1be6e46c5630f8be3f62c1
Opcode Fuzzy Hash: c377f82476e62645c05dab69b17333f417e2bf6efa8ade9302811f2a17a87bb4
Instruction Fuzzy Hash: B101F772600614FFEB105F58EC05BAA7FACEF45752F100028FD08D6261E731DE4587A0

Uniqueness

Uniqueness Score: -1.00%

Function 001585F1 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00158608
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00158612
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00158621
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00158628
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0015863E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 75853f3ece63f91a821df827439844f39b2984f8bef8d6843495f164df89d0c1
Instruction ID: 50057363a76477fc72afd87b2f3e45cf45d081b2cf642a0273b7cb5860cfcd93
Opcode Fuzzy Hash: 75853f3ece63f91a821df827439844f39b2984f8bef8d6843495f164df89d0c1
Instruction Fuzzy Hash: 58F04935201304EFEB100FA9DCCDE6B3BAEEF8A755B100429F949DA160DB619D86DB60

Uniqueness

Uniqueness Score: -1.00%

Function 00158652 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00158669
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00158673
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00158682
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00158689
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0015869F

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: b1924276a5d82ae66f1e5330689b1a62963ba8146422cc3558ae3f279221079c
Instruction ID: 5b127c959a093fc19decead051daf2f8d95b682b1054269a28462ae219d9ff1c
Opcode Fuzzy Hash: b1924276a5d82ae66f1e5330689b1a62963ba8146422cc3558ae3f279221079c
Instruction Fuzzy Hash: 96F0AF70200304EFEB111FA5EC88E6B7BACEF89755B240029F905D6150DBA09A86DB60

Uniqueness

Uniqueness Score: -1.00%

Function 0015C6A6 Relevance: 7.5, APIs: 5, Instructions: 41windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 0015C6BA
GetWindowTextW.USER32(00000000,?,00000100), ref: 0015C6D1
MessageBeep.USER32(00000000), ref: 0015C6E9
KillTimer.USER32(?,0000040A), ref: 0015C705
EndDialog.USER32(?,00000001), ref: 0015C71F

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: bcb54f18564fb8b5e7f05ed7d5f4a769431063449ad8e06660253d242ee2cd38
Instruction ID: b287264a95c42a18f8e1b222f88e54ea0473f845bbf505fe672d28ea703bf416
Opcode Fuzzy Hash: bcb54f18564fb8b5e7f05ed7d5f4a769431063449ad8e06660253d242ee2cd38
Instruction Fuzzy Hash: 45016230500704ABEB255F20DD4EF9677B9FF04706F10066DF992A58E1EBE4AA998F90

Uniqueness

Uniqueness Score: -1.00%

Function 001013B0 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 001013BF
StrokeAndFillPath.GDI32(?,?,0013BAD8,00000000,?), ref: 001013DB
SelectObject.GDI32(?,00000000), ref: 001013EE
DeleteObject.GDI32 ref: 00101401
StrokePath.GDI32(?), ref: 0010141C

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: bfbea85a6e5c826cb88a5ff32e48bc839f0a6bc69eb5a70a252e8ab9f9284124
Instruction ID: 5ddd07ca4fedbc4d7b108c44c6e3fc09504b71146391128ee321af29e94d8669
Opcode Fuzzy Hash: bfbea85a6e5c826cb88a5ff32e48bc839f0a6bc69eb5a70a252e8ab9f9284124
Instruction Fuzzy Hash: D7F07430104708EFDB155F66ED4CB583FA5AB01326F148229F469898F1C779CAE6DF51

Uniqueness

Uniqueness Score: -1.00%

Function 00112E5B Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 265COMMON

Download Yara Rule

APIs

Part of subcall function 00120FF6: std::exception::exception.LIBCMT ref: 0012102C
Part of subcall function 00120FF6: __CxxThrowException@8.LIBCMT ref: 00121041

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

Part of subcall function 00107BB1: _memmove.LIBCMT ref: 00107C0B

__swprintf.LIBCMT ref: 0011302D

Strings

\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00112EC6

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
API String ID: 1943609520-557222456
Opcode ID: 418e84f5a40e271f449d24114cc013b6f777d1622122cffd916feda50abb7502
Instruction ID: 66ee3cf18e7d9d302fffcd4820adf0cd89284d2daa18f82ed1126afb25087957
Opcode Fuzzy Hash: 418e84f5a40e271f449d24114cc013b6f777d1622122cffd916feda50abb7502
Instruction Fuzzy Hash: 69917D715083019FCB18EF24D895CAFB7E4EFA9750F00492DF4969B2A5DB60EE48CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0012524D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 001252DD

Part of subcall function 00130340: __87except.LIBCMT ref: 0013037B

Strings

pow, xrefs: 001252B5, 001252D2

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ErrorHandling__87except__start
String ID: pow
API String ID: 2905807303-2276729525
Opcode ID: ae0a280e17b8a37feed4d6a7b54886f14473afa46224cb60af357dc6efc7b1b5
Instruction ID: e7393fe2a54708a8c8ac33ee9e512b847e6b838dc28b008bac6893843848e634
Opcode Fuzzy Hash: ae0a280e17b8a37feed4d6a7b54886f14473afa46224cb60af357dc6efc7b1b5
Instruction Fuzzy Hash: DB518821A1CA02D7CB16B724E9A137E2BD5AF04350F208D59F0C5826EAEF74CDE4DA42

Uniqueness

Uniqueness Score: -1.00%

Function 0012023B Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMON

Download Yara Rule

Strings

+, xrefs: 00120277
#, xrefs: 00120280

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID: #$+
API String ID: 0-2552117581
Opcode ID: 250535a6309d1eec0d05ec6a94d504ebbf5388d20c5e30a8a694fb82534e3946
Instruction ID: ab742c5a538bc37ca79d52584fb93924a7834ab08d3a0650f5ad081d91032217
Opcode Fuzzy Hash: 250535a6309d1eec0d05ec6a94d504ebbf5388d20c5e30a8a694fb82534e3946
Instruction Fuzzy Hash: CA513E36100256CFCB1ADFA8D4986FA7BB1FF2A310F180055ECA09F2A1D7709C5ACB60

Uniqueness

Uniqueness Score: -1.00%

Function 001162F2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 001163A8
_memmove.LIBCMT ref: 00116446
_memset.LIBCMT ref: 0011646A

Strings

ERCP, xrefs: 00116313

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memset$_memmove
String ID: ERCP
API String ID: 2532777613-1384759551
Opcode ID: 9ae903d0640e8dbd3a47361d1e28e4ea9159e6646f09751a97da7300d8ca27ec
Instruction ID: e0610951a7610d9730b245a0bd144fba0ca7fefd0cca63c4691c6e48fc441231
Opcode Fuzzy Hash: 9ae903d0640e8dbd3a47361d1e28e4ea9159e6646f09751a97da7300d8ca27ec
Instruction Fuzzy Hash: 6651A071900719DBDB28CF65C881BEABBF4EF04314F20857EE95ADBA41E7729694CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00187648 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 001876D0
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 001876E4
SendMessageW.USER32(?,00001002,00000000,?), ref: 00187708

Strings

SysMonthCal32, xrefs: 0018769B

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 1254b7e12f0736614b8629f1286c7006afcbab78dc42a2feb1ad202e064cd243
Instruction ID: 0d787e274deda78259755bc48f367b924c67352c43183d874a726aaa8df09571
Opcode Fuzzy Hash: 1254b7e12f0736614b8629f1286c7006afcbab78dc42a2feb1ad202e064cd243
Instruction Fuzzy Hash: 2A21BF32504218BBDF119FA4CC86FEA3B69EF58714F210214FE156B1D0DBB1E9918BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00186F1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00186FAA
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00186FBA
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00186FDF

Strings

Listbox, xrefs: 00186F77

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 7fbdc3ed3b0697884124262415224f631824d3b3e09551687a45e7dbf3d3d1b8
Instruction ID: f8a65fab301ffbd2a240519f3db732637572e9ac72b80c0cec40fac264ea3343
Opcode Fuzzy Hash: 7fbdc3ed3b0697884124262415224f631824d3b3e09551687a45e7dbf3d3d1b8
Instruction Fuzzy Hash: AB21A432610118BFDF119F54DC85FAB3BAAEF89754F118124FA149B190CB71ED51CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0018797D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 001879E1
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 001879F6
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00187A03

Strings

msctls_trackbar32, xrefs: 001879B8

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: 0a2d68f5c9f889b0f51f35faf769efb7924ceab4a35fa0e7b573c818ddc3cb5e
Instruction ID: 0e64b85105ce8d07818927de9db650a992edbebebee7393149a25b917b0e623a
Opcode Fuzzy Hash: 0a2d68f5c9f889b0f51f35faf769efb7924ceab4a35fa0e7b573c818ddc3cb5e
Instruction Fuzzy Hash: 98112332244208BAEF14AF60CC45FEB3BADEF89764F220518FA41A20D0D372D851CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00104C95 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00104C2E), ref: 00104CA3
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00104CB5

Strings

kernel32.dll, xrefs: 00104C9E
GetNativeSystemInfo, xrefs: 00104CAF

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetNativeSystemInfo$kernel32.dll
API String ID: 2574300362-192647395
Opcode ID: f0c0bae47ced28a71999c2f0830de0c162d7a348318408f4d8e21187ba1c920c
Instruction ID: f0ec017a9eaee63f5795ef2441f0a29d9076e53365db7eada793d3fb7a00071d
Opcode Fuzzy Hash: f0c0bae47ced28a71999c2f0830de0c162d7a348318408f4d8e21187ba1c920c
Instruction Fuzzy Hash: 91D01770610723CFE720AF31DA5864676E5AF05B91F11883E98C6D6590E7B0D9C1CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00104D61 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00104D2E,?,00104F4F,?,001C62F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00104D6F
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00104D81

Strings

Wow64DisableWow64FsRedirection, xrefs: 00104D7B
kernel32.dll, xrefs: 00104D6A

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 2574300362-3689287502
Opcode ID: 011b8f2b235d5bd6c2518140d586cc36bee45fe7c1465b60ce802b6b88d157ee
Instruction ID: 37907ddbf8c84c2da99bab403b25be48280216cbc4dfd120425e3f2c60af6184
Opcode Fuzzy Hash: 011b8f2b235d5bd6c2518140d586cc36bee45fe7c1465b60ce802b6b88d157ee
Instruction Fuzzy Hash: 5DD01770610713CFE720AF71D84865676E8AF25762B11883EE4CAD6690E7B0D8C0CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00104D94 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00104CE1,?), ref: 00104DA2
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00104DB4

Strings

Wow64RevertWow64FsRedirection, xrefs: 00104DAE
kernel32.dll, xrefs: 00104D9D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 2574300362-1355242751
Opcode ID: 4b2893b1ffe20c497445c6b849a0583733eff05f6c7ea0fe54d67a857c44e3c3
Instruction ID: b8c98c4e7a8d0c1318b2cd64c57c5707702385572638e2223b44845abd8df07e
Opcode Fuzzy Hash: 4b2893b1ffe20c497445c6b849a0583733eff05f6c7ea0fe54d67a857c44e3c3
Instruction Fuzzy Hash: 70D01771650713CFD720AF71D848A8676E5AF15755B11883EE8C6D6590E7B0D8C0CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00181072 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(advapi32.dll,?,001812C1), ref: 00181080
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00181092

Strings

advapi32.dll, xrefs: 0018107B
RegDeleteKeyExW, xrefs: 0018108C

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2574300362-4033151799
Opcode ID: 7413755763a5cd6cc764f4a35d354c2d137019a6dbc078aa9da8a2209c0a0605
Instruction ID: 825af0b03f0f095188aac1f489fa9685615de651ecd74dfcefe13fc5d9cdc3c1
Opcode Fuzzy Hash: 7413755763a5cd6cc764f4a35d354c2d137019a6dbc078aa9da8a2209c0a0605
Instruction Fuzzy Hash: 5ED0C731500312DFC320AF30CC98A5A72E8AF04361B008C3EE48ACA950E7B0D8C0CB00

Uniqueness

Uniqueness Score: -1.00%

Function 001793F5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00000001,00179009,?,0018F910), ref: 00179403
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00179415

Strings

GetModuleHandleExW, xrefs: 0017940F
kernel32.dll, xrefs: 001793FE

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 2574300362-199464113
Opcode ID: 8c7275ed35fcea68c35de090c49cfdc3699aab8d45a79258521a6e7176ecd41d
Instruction ID: 7355c31ddc29ead2e91af01cc1e9a32df6d133b5275f2bb0e2c1f6566c4902f8
Opcode Fuzzy Hash: 8c7275ed35fcea68c35de090c49cfdc3699aab8d45a79258521a6e7176ecd41d
Instruction Fuzzy Hash: 26D01774650713CFD7209F31DA0D64676E5AF05751B11C83EE48AD6950E770C8C5CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00141B3E Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00141B42
__swprintf.LIBCMT ref: 00141B73

Strings

%.3d, xrefs: 00141B4D
WIN_XPe, xrefs: 00141BB2

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: LocalTime__swprintf
String ID: %.3d$WIN_XPe
API String ID: 2070861257-2409531811
Opcode ID: ee086f0a53ab1176d19ea250bc96db54fe0b8c7bb3c0f3d92258ceb7347b24e2
Instruction ID: 4ae5bb471960411d7adc996e63d14e9812248e761a123179b958fd3dd9bf89b5
Opcode Fuzzy Hash: ee086f0a53ab1176d19ea250bc96db54fe0b8c7bb3c0f3d92258ceb7347b24e2
Instruction Fuzzy Hash: A9D01271804118FACB5C9B909C448F9737CEB08301F510692F50691450F3749BD5DB21

Uniqueness

Uniqueness Score: -1.00%

Function 001576C5 Relevance: 6.3, APIs: 4, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95f30c9a69a2f65d313adaf34b8642aabf9ce8070f0430e44ef8ec5b35d349dd
Instruction ID: 9a8ba88844d644f6c95be78143b92b8b4c7551a1eeab75d5e3da78260b16fee3
Opcode Fuzzy Hash: 95f30c9a69a2f65d313adaf34b8642aabf9ce8070f0430e44ef8ec5b35d349dd
Instruction Fuzzy Hash: D6C18C74A04216EFCB14CF94D889EAEB7B5FF48315B158598E815EF290D730EE85CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0017E33E Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 0017E3D2
CharLowerBuffW.USER32(?,?), ref: 0017E415

Part of subcall function 0017DAB9: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0017DAD9

VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 0017E615
_memmove.LIBCMT ref: 0017E628

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: BuffCharLower$AllocVirtual_memmove
String ID:
API String ID: 3659485706-0
Opcode ID: 6c186d1b790cb7eb96a1879b6857eb75dd6d6e41f01ac52556cf63f868c11f56
Instruction ID: ab3986ddb1bdd5c6d6bf2e47fde8be8a00477b18c57f64b1a064bccd5e6b32a0
Opcode Fuzzy Hash: 6c186d1b790cb7eb96a1879b6857eb75dd6d6e41f01ac52556cf63f868c11f56
Instruction Fuzzy Hash: 93C159716083119FC714DF28C48096ABBF4FF98318F1489ADF8999B352D770E946CB82

Uniqueness

Uniqueness Score: -1.00%

Function 001783A8 Relevance: 6.3, APIs: 4, Instructions: 267COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 001783D8
CoUninitialize.OLE32 ref: 001783E3

Part of subcall function 0015DA5D: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0015DAC5

VariantInit.OLEAUT32(?), ref: 001783EE
VariantClear.OLEAUT32(?), ref: 001786BF

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
String ID:
API String ID: 780911581-0
Opcode ID: 4d9ce667abf5d1e83027fd992d90a10582a73fa22abbcf6628e1167d392cf731
Instruction ID: 3d46b5668820587bda3d7414e4aa7aabda6e38df1ae4cd32776cfaca5fd3d928
Opcode Fuzzy Hash: 4d9ce667abf5d1e83027fd992d90a10582a73fa22abbcf6628e1167d392cf731
Instruction Fuzzy Hash: D4A127752447019FDB10DF68C899A1AB7F4BF98314F14844DF99A9B3A2CB70ED44CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00157A78 Relevance: 6.2, APIs: 4, Instructions: 231COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00192C7C,?), ref: 00157C32
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00192C7C,?), ref: 00157C4A
CLSIDFromProgID.OLE32(?,?,00000000,0018FB80,000000FF,?,00000000,00000800,00000000,?,00192C7C,?), ref: 00157C6F
_memcmp.LIBCMT ref: 00157C90

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: f486dd0399ba7f2084846a27f64319197ca969325755b54da7db6740a0f41df8
Instruction ID: 8ff2a2de09ba8b353d0040e53c42398d3a8d56765a8f426c9d13a65e7191dab4
Opcode Fuzzy Hash: f486dd0399ba7f2084846a27f64319197ca969325755b54da7db6740a0f41df8
Instruction Fuzzy Hash: 03812E71A00109EFCB04DF94C985DEEB7B9FF89315F204598F915AB290DB71AE0ACB60

Uniqueness

Uniqueness Score: -1.00%

Function 00156DF3 Relevance: 6.2, APIs: 4, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00156E04
SysAllocString.OLEAUT32(00000000), ref: 00156EAD
VariantCopy.OLEAUT32 ref: 00156EDC
VariantClear.OLEAUT32(?), ref: 00156F03

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Variant$AllocClearCopyInitString
String ID:
API String ID: 2808897238-0
Opcode ID: fad1016a22f6bf5382415922a8e8911cf457728cb0d19f851bafd105c0a50e7d
Instruction ID: 742adf09bbee35f3a99a740d92421858b523e52d9dceccc81e2320b9b9c0ac0a
Opcode Fuzzy Hash: fad1016a22f6bf5382415922a8e8911cf457728cb0d19f851bafd105c0a50e7d
Instruction Fuzzy Hash: A651FC30604701DBDB24AF65F896A2EB3E4AF59311F60881FFDA6CF2D1DB7098489B41

Uniqueness

Uniqueness Score: -1.00%

Function 001697E5 Relevance: 6.2, APIs: 4, Instructions: 155COMMON

Download Yara Rule

APIs

Part of subcall function 00105045: _fseek.LIBCMT ref: 0010505D

Part of subcall function 001699BE: _wcscmp.LIBCMT ref: 00169AAE
Part of subcall function 001699BE: _wcscmp.LIBCMT ref: 00169AC1

_free.LIBCMT ref: 0016992C
_free.LIBCMT ref: 00169933
_free.LIBCMT ref: 0016999E

Part of subcall function 00122F95: RtlFreeHeap.NTDLL(00000000,00000000,?,00129C64), ref: 00122FA9
Part of subcall function 00122F95: GetLastError.KERNEL32(00000000,?,00129C64), ref: 00122FBB

_free.LIBCMT ref: 001699A6

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
String ID:
API String ID: 1552873950-0
Opcode ID: c040f5d591410a8d3afab51092a26b6f5939c84b98243336257d617f1f09bfd3
Instruction ID: b6d14309d58ad8af8311e999cfceacd35a1df00743eecefca2146d5fd8c38f56
Opcode Fuzzy Hash: c040f5d591410a8d3afab51092a26b6f5939c84b98243336257d617f1f09bfd3
Instruction Fuzzy Hash: C55172B1D04218AFDF249F64DC81A9EBB7AEF48300F1004AEF649A7281DB715E90CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00189A63 Relevance: 6.1, APIs: 4, Instructions: 140COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(0186E088,?), ref: 00189AD2
ScreenToClient.USER32(00000002,00000002), ref: 00189B05
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 00189B72

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: d671ec955766e01490ffa14e54509e236bd60f0b808b1de365d67c8732b3a532
Instruction ID: b48e5a278283c0044c52363c08287eeac26cf6d6c17d3577ec94a843ce653fab
Opcode Fuzzy Hash: d671ec955766e01490ffa14e54509e236bd60f0b808b1de365d67c8732b3a532
Instruction Fuzzy Hash: C1510B74A00209AFCB14DF58D885DBE7BB5FF55320F148269F8159B290D730AE81CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00176CBD Relevance: 6.1, APIs: 4, Instructions: 127networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00176CE4
WSAGetLastError.WSOCK32(00000000), ref: 00176CF4

Part of subcall function 00109997: __itow.LIBCMT ref: 001099C2
Part of subcall function 00109997: __swprintf.LIBCMT ref: 00109A0C

#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00176D58
WSAGetLastError.WSOCK32(00000000), ref: 00176D64

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ErrorLast$__itow__swprintfsocket
String ID:
API String ID: 2214342067-0
Opcode ID: ae6798bc2b4737d39bc9346a740b030b3fe38d035291e7c4b67a20d0ef15cd61
Instruction ID: b7cb07ca974b4134302d882c111dd1a3953de1152dd1c5e1fa022e1f16e5944b
Opcode Fuzzy Hash: ae6798bc2b4737d39bc9346a740b030b3fe38d035291e7c4b67a20d0ef15cd61
Instruction Fuzzy Hash: 9C41B174740600AFEB20AF28DC96F3A77E59B54B20F448058FA999B2D3DBB09D018B91

Uniqueness

Uniqueness Score: -1.00%

Function 0017672D Relevance: 6.1, APIs: 4, Instructions: 116COMMON

Download Yara Rule

APIs

#16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,0018F910), ref: 001767BA
_strlen.LIBCMT ref: 001767EC

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _strlen
String ID:
API String ID: 4218353326-0
Opcode ID: 4ce81d30d7551fc68b7bf1bf428cc64d1f13b82b015b4fa29c6758462376cc94
Instruction ID: 4c5959b63c701ada4c81788ff75ed7e04d6eb586935906c34cd42c0b7d0e7c6d
Opcode Fuzzy Hash: 4ce81d30d7551fc68b7bf1bf428cc64d1f13b82b015b4fa29c6758462376cc94
Instruction Fuzzy Hash: 6041F531A00604AFCB14EB64DCD5EAEB3B9EF58314F14C169F8199B2D2DB70AD40CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0016BA5F Relevance: 6.1, APIs: 4, Instructions: 111fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 0016BB09
GetLastError.KERNEL32(?,00000000), ref: 0016BB2F
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 0016BB54
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0016BB80

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: adaec12491d63a31589945e253fd5187b56afae561045c4cf35e6421b2df085e
Instruction ID: 696dddfa9a7f9dd7104e321f765030c3dc971b3abdaeb776be766bb65ea1cf16
Opcode Fuzzy Hash: adaec12491d63a31589945e253fd5187b56afae561045c4cf35e6421b2df085e
Instruction Fuzzy Hash: 2D415939200611DFCB10EF58C994A1DBBE1EF99314B098488FC8A9B7A2CB70FD41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00188AC0 Relevance: 6.1, APIs: 4, Instructions: 109COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00188B4D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: InvalidateRect
String ID:
API String ID: 634782764-0
Opcode ID: 80cb799e456420a0bb8652f8873dac419d21f5c01895b07832ad46e0faac2836
Instruction ID: 85b40c80329866131372021f35251dc5c8f256437398cf1ae030b6069403abdd
Opcode Fuzzy Hash: 80cb799e456420a0bb8652f8873dac419d21f5c01895b07832ad46e0faac2836
Instruction Fuzzy Hash: 1031B4B4640204BFEB24BE58CC85FA93765EB85320FA44616FA51D76E0DF30AF809F51

Uniqueness

Uniqueness Score: -1.00%

Function 0018ADF1 Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 0018AE1A
GetWindowRect.USER32(?,?), ref: 0018AE90
PtInRect.USER32(?,?,0018C304), ref: 0018AEA0
MessageBeep.USER32(00000000), ref: 0018AF11

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: d35a3dcbde526e6f6c0418cc3e7b0ab25dd5e91f25a006af67d23549094fe117
Instruction ID: d9e3eeafed34054c5d3db0897e36082879513e0011d484ff554a0f8fb1a12dd3
Opcode Fuzzy Hash: d35a3dcbde526e6f6c0418cc3e7b0ab25dd5e91f25a006af67d23549094fe117
Instruction Fuzzy Hash: C141AE70600209DFEB11EF58C884AA97BF5FF49340F5485AAE914DB251D730EA42DF92

Uniqueness

Uniqueness Score: -1.00%

Function 00160FE6 Relevance: 6.1, APIs: 4, Instructions: 105keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00161037
SetKeyboardState.USER32(00000080,?,00000001), ref: 00161053
PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 001610B9
SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 0016110B

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 1d4d36e5a822180199c922aee04d60d72c3149c84a0960de4cfb29f12d70c6f0
Instruction ID: e41de99ec10faf68cef139d02ede1f1c81e86c9b729b34b6954a72e0100b142f
Opcode Fuzzy Hash: 1d4d36e5a822180199c922aee04d60d72c3149c84a0960de4cfb29f12d70c6f0
Instruction Fuzzy Hash: 17314631E40688BEFF358B768C05BFABBB9AB59310F1C431AF580521D1C37589E19751

Uniqueness

Uniqueness Score: -1.00%

Function 00161121 Relevance: 6.1, APIs: 4, Instructions: 101keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00161176
SetKeyboardState.USER32(00000080,?,00008000), ref: 00161192
PostMessageW.USER32(00000000,00000101,00000000), ref: 001611F1
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00161243

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 104dcd9fc802dbff179f512fbf0a0c1777265a3ea1cd7250ed9519a8df02848a
Instruction ID: 38afec0d40ce78cfbe9458f4c680d6144eef50b6e0348de2843b2761c06e92b3
Opcode Fuzzy Hash: 104dcd9fc802dbff179f512fbf0a0c1777265a3ea1cd7250ed9519a8df02848a
Instruction Fuzzy Hash: 49312630A4060C7EEF358A79CC15BFABBBAAB5A310F1C431EE680925D1C3348AB59751

Uniqueness

Uniqueness Score: -1.00%

Function 00136415 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0013644B
__isleadbyte_l.LIBCMT ref: 00136479
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 001364A7
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 001364DD

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 7b5eec65f3a4170168b936a1ba3f891be3f5807995087ebe43d9f4f13837e1e0
Instruction ID: cf26387279429688d0065ffbb71b95f945ea7ae1167b85675ead071197c50439
Opcode Fuzzy Hash: 7b5eec65f3a4170168b936a1ba3f891be3f5807995087ebe43d9f4f13837e1e0
Instruction Fuzzy Hash: 4531CF31A00256FFDB258F65CC49BBA7BA5FF41320F158029F8648B1A1EB31D8A1DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00185175 Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00185189

Part of subcall function 0016387D: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00163897
Part of subcall function 0016387D: GetCurrentThreadId.KERNEL32 ref: 0016389E
Part of subcall function 0016387D: AttachThreadInput.USER32(00000000,?,001652A7), ref: 001638A5

GetCaretPos.USER32(?), ref: 0018519A
ClientToScreen.USER32(00000000,?), ref: 001851D5
GetForegroundWindow.USER32 ref: 001851DB

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 9fc78c41ffe57a3b0e41e67ea603898c3e29d32d87048ba41ac0a6a5a66d0b07
Instruction ID: dbef4608144cd276484e96f62f1b7ec04a11d0fafa51ed64a706e25615cb9151
Opcode Fuzzy Hash: 9fc78c41ffe57a3b0e41e67ea603898c3e29d32d87048ba41ac0a6a5a66d0b07
Instruction Fuzzy Hash: 7D310A71A00118AFDB00EFA9C8859EFB7FDEF98300F10406AE555E7242EB759E45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0018C788 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00102612: GetWindowLongW.USER32(?,000000EB), ref: 00102623

GetCursorPos.USER32(?), ref: 0018C7C2
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0013BBFB,?,?,?,?,?), ref: 0018C7D7
GetCursorPos.USER32(?), ref: 0018C824
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,0013BBFB,?,?,?), ref: 0018C85E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: fb91a3db5a57ff18cd870b8124bef0da0fc07812246c804743a7b057771a2fc7
Instruction ID: 1be6131ac4eb56275d7aa27286de1379a263ae2abc80d14034cf606154c987e3
Opcode Fuzzy Hash: fb91a3db5a57ff18cd870b8124bef0da0fc07812246c804743a7b057771a2fc7
Instruction Fuzzy Hash: BE317135600118AFCB15DF58C898EEABBB6EF4A710F144169F9058B661C7319E91DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00158B9E Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00158652: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00158669
Part of subcall function 00158652: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00158673
Part of subcall function 00158652: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00158682
Part of subcall function 00158652: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00158689
Part of subcall function 00158652: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0015869F

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00158BEB
_memcmp.LIBCMT ref: 00158C0E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00158C44
HeapFree.KERNEL32(00000000), ref: 00158C4B

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: f0802e47eed3bfed7ebf1e6fe2669bbcdfcce8e047c2bda7822e2e339d3701e2
Instruction ID: 887afcf8ae8f51521a385cbd5e7f8564dfefa258897de8ece12dbe04208b1a75
Opcode Fuzzy Hash: f0802e47eed3bfed7ebf1e6fe2669bbcdfcce8e047c2bda7822e2e339d3701e2
Instruction Fuzzy Hash: 27218E71E01208EFDB10DFA4C949BEEB7B8EF44356F144059E864AB240DB31AE4ACB60

Uniqueness

Uniqueness Score: -1.00%

Function 00120BD0 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

APIs

__setmode.LIBCMT ref: 00120BF2

Part of subcall function 00105B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00167B20,?,?,00000000), ref: 00105B8C
Part of subcall function 00105B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00167B20,?,?,00000000,?,?), ref: 00105BB0

_fprintf.LIBCMT ref: 00120C29
OutputDebugStringW.KERNEL32(?), ref: 00156331

Part of subcall function 00124CDA: _flsall.LIBCMT ref: 00124CF3

__setmode.LIBCMT ref: 00120C5E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
String ID:
API String ID: 521402451-0
Opcode ID: 048cef1ebbeb6cbd5ebc5d472c5e20c9161ebdc8b61e83b18ac8920d96655338
Instruction ID: 7da595a9db66e286f36643e0df909a56364ec03365dc836cc158d8440e815325
Opcode Fuzzy Hash: 048cef1ebbeb6cbd5ebc5d472c5e20c9161ebdc8b61e83b18ac8920d96655338
Instruction Fuzzy Hash: C6115972904218BFCB09B3B4BC479BE7B69EF69320F14025AF108571C2DF615DB68795

Uniqueness

Uniqueness Score: -1.00%

Function 00171A5B Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00171A97

Part of subcall function 00171B21: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00171B40
Part of subcall function 00171B21: InternetCloseHandle.WININET(00000000), ref: 00171BDD

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Internet$CloseConnectHandleOpen
String ID:
API String ID: 1463438336-0
Opcode ID: ffa119bd681932be4be07b784ff6247929d1ddd7f9f0192644b6eb0b24e017c3
Instruction ID: 1d5223289402c7c21d7300d6f220e3eaa1f5863b88d4f91e97d50342cae631e0
Opcode Fuzzy Hash: ffa119bd681932be4be07b784ff6247929d1ddd7f9f0192644b6eb0b24e017c3
Instruction Fuzzy Hash: A621A135200605BFEB159F648C01FBAB7BDFF58701F11801EFA5997650EB71D911ABA0

Uniqueness

Uniqueness Score: -1.00%

Function 0015E1AF Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0015F5AD: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,0015E1C4,?,?,?,0015EFB7,00000000,000000EF,00000119,?,?), ref: 0015F5BC
Part of subcall function 0015F5AD: lstrcpyW.KERNEL32(00000000,?), ref: 0015F5E2
Part of subcall function 0015F5AD: lstrcmpiW.KERNEL32(00000000,?,0015E1C4,?,?,?,0015EFB7,00000000,000000EF,00000119,?,?), ref: 0015F613

lstrlenW.KERNEL32(?,00000002,?,?,?,?,0015EFB7,00000000,000000EF,00000119,?,?,00000000), ref: 0015E1DD
lstrcpyW.KERNEL32(00000000,?), ref: 0015E203
lstrcmpiW.KERNEL32(00000002,cdecl,?,0015EFB7,00000000,000000EF,00000119,?,?,00000000), ref: 0015E237

Strings

cdecl, xrefs: 0015E22E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: e78e61999eca336c0049aa073afacfbf2da1a7942992a19d58582c9a7a25cd0f
Instruction ID: c1e1004c777e15b21c17955f970407f496ee08da023398eefa17633d6ecf1a9a
Opcode Fuzzy Hash: e78e61999eca336c0049aa073afacfbf2da1a7942992a19d58582c9a7a25cd0f
Instruction Fuzzy Hash: 8C11B136100345EFCB29AF64D84997A77A8FF44311B40402AFC16CB254EB719A55C790

Uniqueness

Uniqueness Score: -1.00%

Function 00135332 Relevance: 6.1, APIs: 4, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00135351

Part of subcall function 0012594C: __FF_MSGBANNER.LIBCMT ref: 00125963
Part of subcall function 0012594C: __NMSG_WRITE.LIBCMT ref: 0012596A
Part of subcall function 0012594C: RtlAllocateHeap.NTDLL(01850000,00000000,00000001,00000000,?,?,?,00121013,?), ref: 0012598F

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: c7c34fb8df44d1e3bd3c12cbcced1ea6e845d1db748f44ab6477df2422b9821e
Instruction ID: 43e343de5fb59158a068913eb6af39ca1e2479d97d8b2343572c11c031226755
Opcode Fuzzy Hash: c7c34fb8df44d1e3bd3c12cbcced1ea6e845d1db748f44ab6477df2422b9821e
Instruction Fuzzy Hash: EB110632905A29AFDB253FB0FC4565D3B9ABF20BE4F10442AF9449A190DF758991C790

Uniqueness

Uniqueness Score: -1.00%

Function 00104531 Relevance: 6.1, APIs: 4, Instructions: 66timewindowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00104560

Part of subcall function 0010410D: _memset.LIBCMT ref: 0010418D
Part of subcall function 0010410D: _wcscpy.LIBCMT ref: 001041E1
Part of subcall function 0010410D: Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 001041F1

KillTimer.USER32(?,00000001,?,?), ref: 001045B5
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 001045C4
Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0013D6CE

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
String ID:
API String ID: 1378193009-0
Opcode ID: ed40dc6e2cd9a6575339f727c4eb6b08efe844118a6b91829397cc2173bcdf28
Instruction ID: d39e986c15b73eec1a64867f5da9496da7728c6df42d99a1f007faa8fde8c530
Opcode Fuzzy Hash: ed40dc6e2cd9a6575339f727c4eb6b08efe844118a6b91829397cc2173bcdf28
Instruction Fuzzy Hash: 9521C5F0904784AFEB328B24AC86BE7BFEC9F11304F04009EE6DE56281C7B45A858B51

Uniqueness

Uniqueness Score: -1.00%

Function 001640B1 Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 001640D1
_memset.LIBCMT ref: 001640F2
DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 00164144
CloseHandle.KERNEL32(00000000), ref: 0016414D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle_memset
String ID:
API String ID: 1157408455-0
Opcode ID: 00908f74ca5a7c7f48a3250040b4ba34fd825d7fc323e3bcfa8b63bff2d9deb4
Instruction ID: b774ea2641a3088642ef215c1bc59455c6f25c217b195f00bafb18f1b241c5aa
Opcode Fuzzy Hash: 00908f74ca5a7c7f48a3250040b4ba34fd825d7fc323e3bcfa8b63bff2d9deb4
Instruction Fuzzy Hash: AF1194759012287AD7309AA5AC4DFABBB7CEB45760F1041AAF908D7180D6744F908BA4

Uniqueness

Uniqueness Score: -1.00%

Function 0017667C Relevance: 6.1, APIs: 4, Instructions: 61networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00105B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00167B20,?,?,00000000), ref: 00105B8C
Part of subcall function 00105B75: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00167B20,?,?,00000000,?,?), ref: 00105BB0

gethostbyname.WSOCK32(?,?,?), ref: 001766AC
WSAGetLastError.WSOCK32(00000000), ref: 001766B7
_memmove.LIBCMT ref: 001766E4
inet_ntoa.WSOCK32(?), ref: 001766EF

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
String ID:
API String ID: 1504782959-0
Opcode ID: 7d4a856933af58be601a202e44eb068db7b531ea2d57d896567cd93c51affef3
Instruction ID: 3751143769782181058573b1612c8730a094fd92e97ad358e1c853a98cb4c926
Opcode Fuzzy Hash: 7d4a856933af58be601a202e44eb068db7b531ea2d57d896567cd93c51affef3
Instruction Fuzzy Hash: 03119035500508AFCF04FBA4DD96DEEB7B9AF68310B148069F506A71A2DF70AF54CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00159023 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00159043
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00159055
SendMessageW.USER32(?,000000C9,?,00000000), ref: 0015906B
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00159086

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 532a44f6235c004e1854e64ce883e0c0deccbf8979fd981d646e159e54f3ad0b
Instruction ID: b633109cc9dc7b1b01465646c57bbff45963c01eecfbf33ad2518baeac9bb1ae
Opcode Fuzzy Hash: 532a44f6235c004e1854e64ce883e0c0deccbf8979fd981d646e159e54f3ad0b
Instruction Fuzzy Hash: 31114C79900218FFDB10DFA5C884E9DBB78FB48310F204195F914BB290D7716E50DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00101290 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

Part of subcall function 00102612: GetWindowLongW.USER32(?,000000EB), ref: 00102623

DefDlgProcW.USER32(?,00000020,?), ref: 001012D8
GetClientRect.USER32(?,?), ref: 0013B84B
GetCursorPos.USER32(?), ref: 0013B855
ScreenToClient.USER32(?,?), ref: 0013B860

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: e10b40a43a78c9638727c38b95160713d5aac81774969743139c7e5a83b98baa
Instruction ID: bfed12aa4f2b0f0cce01e894efaeb6c087e56c5c1615ebbb3ea2f58a7664b427
Opcode Fuzzy Hash: e10b40a43a78c9638727c38b95160713d5aac81774969743139c7e5a83b98baa
Instruction Fuzzy Hash: D4113A3590011DFFCB00EF94D8899EE77B8EB15300F60045AF941E7690D774BA929BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00161652 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,001601FD,?,00161250,?,00008000), ref: 0016166F
Sleep.KERNEL32(00000000,?,?,?,?,?,?,001601FD,?,00161250,?,00008000), ref: 00161694
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,001601FD,?,00161250,?,00008000), ref: 0016169E
Sleep.KERNEL32(?,?,?,?,?,?,?,001601FD,?,00161250,?,00008000), ref: 001616D1

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 31f27822a38d227701653c7d4ecef20719aace586f2e2a8a647153dee534ac6b
Instruction ID: fa6f10f02a4c12d50f98cce29a5a9cd3addf9f917db1276efee0789965152854
Opcode Fuzzy Hash: 31f27822a38d227701653c7d4ecef20719aace586f2e2a8a647153dee534ac6b
Instruction Fuzzy Hash: 81115E36C0052DE7CF049FA5DD48AEEBB78FF09751F494559E940F6240CBB056A08BD6

Uniqueness

Uniqueness Score: -1.00%

Function 00137207 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 0013722B

Part of subcall function 00137912: __fltout2.LIBCMT ref: 0013793B

__cftog_l.LIBCMT ref: 00137251
__cftoe_l.LIBCMT ref: 00137283

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction ID: 199708f3d2d13cc460f5f15e532369dc0d72ed4094e38971be27656d0574f517
Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction Fuzzy Hash: 8D0166B204818EBBCF225E84CC018EE3F22BB29354F098615FE1858061C336C9B1AB81

Uniqueness

Uniqueness Score: -1.00%

Function 0018B57F Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 0018B59E
ScreenToClient.USER32(?,?), ref: 0018B5B6
ScreenToClient.USER32(?,?), ref: 0018B5DA
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0018B5F5

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: fc39f7c9892623862f44888509bab69a184febe76dfb79f9bcd6511cf342bf0b
Instruction ID: bf5f4fe122f999b710719b917f8ee90dd4e23ef29befeb158f0a32b9d118c246
Opcode Fuzzy Hash: fc39f7c9892623862f44888509bab69a184febe76dfb79f9bcd6511cf342bf0b
Instruction Fuzzy Hash: EA1146B5D04209EFDB41DF99C4849EEFBB5FF08310F104166E914E3620E735AA558F50

Uniqueness

Uniqueness Score: -1.00%

Function 0018B8EF Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0018B8FE
_memset.LIBCMT ref: 0018B90D
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,001C7F20,001C7F64), ref: 0018B93C
CloseHandle.KERNEL32 ref: 0018B94E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _memset$CloseCreateHandleProcess
String ID:
API String ID: 3277943733-0
Opcode ID: e987c6249a60794cb851b0332772956bedad67d8e4f59e7046d610c41083004c
Instruction ID: 57a0863a1e16ddc358cd1b4a37390a4a06d1cd7035f0f01c187298296793b282
Opcode Fuzzy Hash: e987c6249a60794cb851b0332772956bedad67d8e4f59e7046d610c41083004c
Instruction Fuzzy Hash: BBF05EB25443107BE2102771AC85FBB3A5CEB18354F000028BA28E55D2D7B589508BB8

Uniqueness

Uniqueness Score: -1.00%

Function 00166E7C Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 00166E88

Part of subcall function 0016794E: _memset.LIBCMT ref: 00167983

_memmove.LIBCMT ref: 00166EAB
_memset.LIBCMT ref: 00166EB8
LeaveCriticalSection.KERNEL32(?), ref: 00166EC8

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CriticalSection_memset$EnterLeave_memmove
String ID:
API String ID: 48991266-0
Opcode ID: c5bf101b0b0e18a0adeeb8e2a95f6c1fee2a7fab2f47e619e18385d64baada4d
Instruction ID: 2820ebaf5f8a6af7b73f0a8e28df72a2f6aa00368d0a408bea9368727aa3e80e
Opcode Fuzzy Hash: c5bf101b0b0e18a0adeeb8e2a95f6c1fee2a7fab2f47e619e18385d64baada4d
Instruction Fuzzy Hash: 48F0543A100210BBCF016F55EC85E49BB2AEF55324B048065FE085E21AC735E961CBB4

Uniqueness

Uniqueness Score: -1.00%

Function 0018C00C Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 001012F3: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0010134D
Part of subcall function 001012F3: SelectObject.GDI32(?,00000000), ref: 0010135C
Part of subcall function 001012F3: BeginPath.GDI32(?), ref: 00101373
Part of subcall function 001012F3: SelectObject.GDI32(?,00000000), ref: 0010139C

MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0018C030
LineTo.GDI32(00000000,?,?), ref: 0018C03D
EndPath.GDI32(00000000), ref: 0018C04D
StrokePath.GDI32(00000000), ref: 0018C05B

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: 804b95a69789f682f7bb3f769ab652e11d014862b1f9853ce19f6d5ce00ca329
Instruction ID: a47ce0bc8c9528be7e8749275c2ab23057818e9b7768fc83fd7564f253babbbf
Opcode Fuzzy Hash: 804b95a69789f682f7bb3f769ab652e11d014862b1f9853ce19f6d5ce00ca329
Instruction Fuzzy Hash: DDF0BE31000219BBDB126F50AC09FCE3F59AF05310F144004FA11214E287B58AA2DFE5

Uniqueness

Uniqueness Score: -1.00%

Function 0015A37C Relevance: 6.0, APIs: 4, Instructions: 30threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0015A399
GetWindowThreadProcessId.USER32(?,00000000), ref: 0015A3AC
GetCurrentThreadId.KERNEL32 ref: 0015A3B3
AttachThreadInput.USER32(00000000), ref: 0015A3BA

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: a7c0af04effb0bf79be959e47be9bae9fba3726f518b5ffb83c9361b25b21cd6
Instruction ID: 8afc184836ee90ca1cb61e553ca81f6a341293b609a0fc86186f5c1edcd996e5
Opcode Fuzzy Hash: a7c0af04effb0bf79be959e47be9bae9fba3726f518b5ffb83c9361b25b21cd6
Instruction Fuzzy Hash: B2E03931581228BADB201BA2DC0CED73F1CFF167A2F408228F90888460D7B58695CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00102218 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00102231
SetTextColor.GDI32(?,000000FF), ref: 0010223B
SetBkMode.GDI32(?,00000001), ref: 00102250
GetStockObject.GDI32(00000005), ref: 00102258
GetWindowDC.USER32(?,00000000), ref: 0013C0D3
GetPixel.GDI32(00000000,00000000,00000000), ref: 0013C0E0
GetPixel.GDI32(00000000,?,00000000), ref: 0013C0F9
GetPixel.GDI32(00000000,00000000,?), ref: 0013C112
GetPixel.GDI32(00000000,?,?), ref: 0013C132
ReleaseDC.USER32(?,00000000), ref: 0013C13D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
String ID:
API String ID: 1946975507-0
Opcode ID: 58162db5bb524d66b512a3c540ac1689abceb9c5b97c54531048407de53c8642
Instruction ID: c90e69f52c03dd21d80e7a315696469aedad4d06890cb97b129250db0221b96c
Opcode Fuzzy Hash: 58162db5bb524d66b512a3c540ac1689abceb9c5b97c54531048407de53c8642
Instruction Fuzzy Hash: BDE06D32100244EADB215FA4FC0D7D83B10EB15332F14836AFAA9580E187B24AD1DB51

Uniqueness

Uniqueness Score: -1.00%

Function 00158C5A Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00158C63
OpenThreadToken.ADVAPI32(00000000,?,?,?,0015882E), ref: 00158C6A
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,0015882E), ref: 00158C77
OpenProcessToken.ADVAPI32(00000000,?,?,?,0015882E), ref: 00158C7E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: 972e40d377eeaaab59e8ac40fe30796a4f3d703a1a71ba26bd47f76b531c5538
Instruction ID: 890d1b00cb064acb0174069e9ec813fc23f0c80154a2fc0c8c9be88da2049377
Opcode Fuzzy Hash: 972e40d377eeaaab59e8ac40fe30796a4f3d703a1a71ba26bd47f76b531c5538
Instruction Fuzzy Hash: F6E04F36642211DBD7205FB06D0CB973BA9EF547A2F14482CB645D9040DA348586CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00142187 Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00142187
GetDC.USER32(00000000), ref: 00142191
GetDeviceCaps.GDI32(00000000,0000000C), ref: 001421B1
ReleaseDC.USER32(?), ref: 001421D2

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 1b05eb5abdd814272dc40ce297498916243961c35b0e3cf66ff40cf50ad090ce
Instruction ID: 459d30c7f7f3cbd212da8a3f318926b3d6bfd6477999365fef34d031096823e1
Opcode Fuzzy Hash: 1b05eb5abdd814272dc40ce297498916243961c35b0e3cf66ff40cf50ad090ce
Instruction Fuzzy Hash: 4DE01A75800214EFDB019F60C808A9D7BF2FF5C350F218529F95AD7660DB7882929F40

Uniqueness

Uniqueness Score: -1.00%

Function 0014219B Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 0014219B
GetDC.USER32(00000000), ref: 001421A5
GetDeviceCaps.GDI32(00000000,0000000C), ref: 001421B1
ReleaseDC.USER32(?), ref: 001421D2

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 99a0e3e5ba222a786860a8cca3044ea4795bf17135afd67f5f8e3d4dba08b105
Instruction ID: 292777ea8f5a50f9e30fc090f6088d4e1e36ef4d8775c98a6060479efa6fccbd
Opcode Fuzzy Hash: 99a0e3e5ba222a786860a8cca3044ea4795bf17135afd67f5f8e3d4dba08b105
Instruction Fuzzy Hash: E5E01A75800204EFCB019F70C80869D7BF2FF5C310F218129F95A97660DB7892929F40

Uniqueness

Uniqueness Score: -1.00%

Function 0015B7B6 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 241comCOMMON

Download Yara Rule

APIs

OleSetContainedObject.OLE32(?,00000001), ref: 0015B981

Strings

AutoIt3GUI, xrefs: 0015B8F9
Container, xrefs: 0015B8FE

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ContainedObject
String ID: AutoIt3GUI$Container
API String ID: 3565006973-3941886329
Opcode ID: 3da8e185b36afef294b6e00284bbce776df1b16d8557dce94f2ce6f22229aea9
Instruction ID: c2f8fa23e4ba57f29b109a69a63f1d32a9e53dacf9d13d4ef0f6c658ed7cf445
Opcode Fuzzy Hash: 3da8e185b36afef294b6e00284bbce776df1b16d8557dce94f2ce6f22229aea9
Instruction Fuzzy Hash: 19913670604601EFDB24CF68C885A6ABBE8FF48711F24856EE95ACF691DB70E845CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0016B217 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON

Download Yara Rule

APIs

Part of subcall function 0011FEC6: _wcscpy.LIBCMT ref: 0011FEE9

Part of subcall function 00109997: __itow.LIBCMT ref: 001099C2
Part of subcall function 00109997: __swprintf.LIBCMT ref: 00109A0C

__wcsnicmp.LIBCMT ref: 0016B298
WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 0016B361

Strings

LPT, xrefs: 0016B292

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
String ID: LPT
API String ID: 3222508074-1350329615
Opcode ID: a698748e89b545650aba68c1512d94cd4fb22cd8698641ce3d2266f14ceffc1f
Instruction ID: 182ab3f55f8c2d169c0572f6e3f5effbe361a01609e466dd303ab8ae7b7f5f89
Opcode Fuzzy Hash: a698748e89b545650aba68c1512d94cd4fb22cd8698641ce3d2266f14ceffc1f
Instruction Fuzzy Hash: 73615375A04215AFCB14DF94C895EAEB7B4BF18310F114069F946EB391DB70AE94CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00112AB7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00112AC8
GlobalMemoryStatusEx.KERNEL32(?), ref: 00112AE1

Strings

@, xrefs: 00112AD5

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: ae5c1e1b168c0afee52530670cf7849af0d78b4ead0ead2bf9f4a310dd7e4ea9
Instruction ID: 35e73159c1c696973d67cea5d0b9a1be313430975c86ba82e2f870e8d70c8d68
Opcode Fuzzy Hash: ae5c1e1b168c0afee52530670cf7849af0d78b4ead0ead2bf9f4a310dd7e4ea9
Instruction Fuzzy Hash: 535177715187449BD320AF14DC96BAFBBE8FF94310F42885CF2D9410A6DBB18569CB26

Uniqueness

Uniqueness Score: -1.00%

Function 001699BE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON

Download Yara Rule

APIs

Part of subcall function 0010506B: __fread_nolock.LIBCMT ref: 00105089

_wcscmp.LIBCMT ref: 00169AAE
_wcscmp.LIBCMT ref: 00169AC1

Strings

FILE, xrefs: 001699FA

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: _wcscmp$__fread_nolock
String ID: FILE
API String ID: 4029003684-3121273764
Opcode ID: f3551a298cac38b5d3b0d86eafcbd5bd3c78cdac55c39d7f1846ef8bff5ba49d
Instruction ID: 79a3f8831579d9f581498545e436e959e7bef5a77dcc62b1e4ec26604ca73736
Opcode Fuzzy Hash: f3551a298cac38b5d3b0d86eafcbd5bd3c78cdac55c39d7f1846ef8bff5ba49d
Instruction Fuzzy Hash: F941D8B1A00619BBDF209AA0DC45FEFBBBDDF59710F000069F904E71C1DBB59A148BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00172882 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00172892
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 001728C8

Strings

|, xrefs: 00172899

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CrackInternet_memset
String ID: |
API String ID: 1413715105-2343686810
Opcode ID: 562ff5186bb9ddafdd66efa1eb9d952c7e4ab66e1f06949a535d61ccd000a856
Instruction ID: 7a0c7395e95cec65281a9b0524c1862b2ee1b798ff9a403c027d52eaa9d6db0b
Opcode Fuzzy Hash: 562ff5186bb9ddafdd66efa1eb9d952c7e4ab66e1f06949a535d61ccd000a856
Instruction Fuzzy Hash: 61313A71D00119AFDF01AFA1CC85EEEBFB9FF18300F04402AF915A61A5DB715A56DB60

Uniqueness

Uniqueness Score: -1.00%

Function 00186CD2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00186D86
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00186DC2

Strings

static, xrefs: 00186D22

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: c123362edb9848e346e33ada54a5ae28f4f501a451a5cc199e40df7079743c30
Instruction ID: 33ee8aec7d0be246bac48ff2cae0d04cf857700de4b0929c1bd1dc74ed6d4c79
Opcode Fuzzy Hash: c123362edb9848e346e33ada54a5ae28f4f501a451a5cc199e40df7079743c30
Instruction Fuzzy Hash: CF318F71200604AEDB10AF68DC80FFB77B9FF48724F109619F9A997190DB71AD91CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00162D91 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00162E00
GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00162E3B

Strings

0, xrefs: 00162DF9

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: InfoItemMenu_memset
String ID: 0
API String ID: 2223754486-4108050209
Opcode ID: e203c17649ed5792939c4bb6c383abe17d8e74b1af1418f44260e8bcf1cc4786
Instruction ID: 24285a28fcfc7dd34b8e9bc170cf9346ebefd3f555e8a0bab87d3a0d535b6db5
Opcode Fuzzy Hash: e203c17649ed5792939c4bb6c383abe17d8e74b1af1418f44260e8bcf1cc4786
Instruction Fuzzy Hash: 69310431A00709ABEB24CF48DC85BEEBBB9FF05300F14043EE985A71A0E7719A60CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00186943 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 001869D0
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 001869DB

Strings

Combobox, xrefs: 0018699D

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 388ec0913ab109b725d813fcc2c7ff1162116cf593a9b21bd661cb0d6c67adee
Instruction ID: 46a7a85dd3a60ecdb9f3242156cf80badc918f317416ef0d4b30665dcfef1eea
Opcode Fuzzy Hash: 388ec0913ab109b725d813fcc2c7ff1162116cf593a9b21bd661cb0d6c67adee
Instruction Fuzzy Hash: A711B271A00208AFEF11AF14CC80EAB376AEB993A8F114124F9589B2D0D7759D918BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00186E76 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00101D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00101D73
Part of subcall function 00101D35: GetStockObject.GDI32(00000011), ref: 00101D87
Part of subcall function 00101D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00101D91

GetWindowRect.USER32(00000000,?), ref: 00186EE0
GetSysColor.USER32(00000012), ref: 00186EFA

Strings

static, xrefs: 00186EBD

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 6204cd667935ea7bb6b64ceb8d2bd555bbb76715c78599474b5dbf95ff9897fc
Instruction ID: 53a935a5efc883a173390899089bd92f98cd620ee4fdd0ff8ffa97642a0661ae
Opcode Fuzzy Hash: 6204cd667935ea7bb6b64ceb8d2bd555bbb76715c78599474b5dbf95ff9897fc
Instruction Fuzzy Hash: D4212972610209AFDB05EFA8DD45EEA7BB8FB08314F104629F955D3250E734E9619B50

Uniqueness

Uniqueness Score: -1.00%

Function 00186B8F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00186C11
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00186C20

Strings

edit, xrefs: 00186BF5

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 2c83942bdd73f79379ebd7476beb8f8d09e2153df7f344a4bdc2d27c2aeba536
Instruction ID: 15d61d25f67b16327a83496eed7b09abc9a471e701f8ae551468d75cb1fd1761
Opcode Fuzzy Hash: 2c83942bdd73f79379ebd7476beb8f8d09e2153df7f344a4bdc2d27c2aeba536
Instruction Fuzzy Hash: 3D11BC71200208ABEB10AF64DC81EEB3B69EB14378F204728F960D71E0C775DD919B60

Uniqueness

Uniqueness Score: -1.00%

Function 00162E9E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00162F11
GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00162F30

Strings

0, xrefs: 00162F07

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: InfoItemMenu_memset
String ID: 0
API String ID: 2223754486-4108050209
Opcode ID: 5e333cc71f69eb2db757fc489f1a0d9b67faf9378d62077a9abec39949451425
Instruction ID: cf40b40169021ff3fd6187005881390cf0b10cacfb57ce85a4358867ab60f9bd
Opcode Fuzzy Hash: 5e333cc71f69eb2db757fc489f1a0d9b67faf9378d62077a9abec39949451425
Instruction Fuzzy Hash: A411BF31902624ABDB24DB98DC44FA977B9EB15310F1900F5EC54E72A1D7B2EE24C791

Uniqueness

Uniqueness Score: -1.00%

Function 001724CA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00172520
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00172549

Strings

<local>, xrefs: 00172511

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 4d76e4da921a3d2361f325fce2cebc33bf1fcbfd5f44c20db5e5bade2b7906c6
Instruction ID: a474381a4187ed96f329e72459dc2bb1da1e205947e00ee20e0e5d988fa90efd
Opcode Fuzzy Hash: 4d76e4da921a3d2361f325fce2cebc33bf1fcbfd5f44c20db5e5bade2b7906c6
Instruction Fuzzy Hash: 38118270501225BAEB288F618C99EFBFF78FF16751F20C12AF90956540D3706A96DAF0

Uniqueness

Uniqueness Score: -1.00%

Function 001780A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON

Download Yara Rule

APIs

Part of subcall function 0017830B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,001780C8,?,00000000,?,?), ref: 00178322

inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 001780CB
htons.WSOCK32(00000000,?,00000000), ref: 00178108

Strings

255.255.255.255, xrefs: 001780E3

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ByteCharMultiWidehtonsinet_addr
String ID: 255.255.255.255
API String ID: 2496851823-2422070025
Opcode ID: 10be11f1cb2e2c5ec21a3902df3193f1ae27444de984f68b81589d6cf6c2c78c
Instruction ID: 3e202a5512bf38fa8f2cb684c314139908629d9424040aae72f6b1b13964b793
Opcode Fuzzy Hash: 10be11f1cb2e2c5ec21a3902df3193f1ae27444de984f68b81589d6cf6c2c78c
Instruction Fuzzy Hash: A911C474640205ABDB20AF64CC4AFFEB375FF14720F10852AF9159B2D1DB72A815C795

Uniqueness

Uniqueness Score: -1.00%

Function 001592E7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

Part of subcall function 0015B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0015B0E7

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00159355

Strings

ComboBox, xrefs: 001592F4
ListBox, xrefs: 0015931F

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ClassMessageNameSend_memmove
String ID: ComboBox$ListBox
API String ID: 372448540-1403004172
Opcode ID: 35a8f460cc329ebcce88d71681ec7793e4f8a1e3f628b66224670217eb05e177
Instruction ID: c575cded9fcb9a270414029da49038a6470b6b72c6bc952ebcb9bce317642640
Opcode Fuzzy Hash: 35a8f460cc329ebcce88d71681ec7793e4f8a1e3f628b66224670217eb05e177
Instruction Fuzzy Hash: 7701B171A45219EBCB08EBB4CC918FE7769BF5A320B140619F9725B2D1DF31690C8661

Uniqueness

Uniqueness Score: -1.00%

Function 001591DF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

Part of subcall function 0015B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0015B0E7

SendMessageW.USER32(?,00000180,00000000,?), ref: 0015924D

Strings

ComboBox, xrefs: 001591EC
ListBox, xrefs: 00159217

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ClassMessageNameSend_memmove
String ID: ComboBox$ListBox
API String ID: 372448540-1403004172
Opcode ID: ab9d30ff76349a7fd259429101a4b1cdf635f6c426aac5a39626dfc2908f77e1
Instruction ID: bdfd75f761aaecf2a1bee760f14f5250404e9dd6432c12af30334b033ed86e6b
Opcode Fuzzy Hash: ab9d30ff76349a7fd259429101a4b1cdf635f6c426aac5a39626dfc2908f77e1
Instruction Fuzzy Hash: 7401D871A41208F7CB14EBA0C892DFF73A89F55301F140019B9626B1C1EB506F0C9672

Uniqueness

Uniqueness Score: -1.00%

Function 00159264 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00107F41: _memmove.LIBCMT ref: 00107F82

Part of subcall function 0015B0C4: GetClassNameW.USER32(?,?,000000FF), ref: 0015B0E7

SendMessageW.USER32(?,00000182,?,00000000), ref: 001592D0

Strings

ComboBox, xrefs: 00159271
ListBox, xrefs: 0015929C

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ClassMessageNameSend_memmove
String ID: ComboBox$ListBox
API String ID: 372448540-1403004172
Opcode ID: 6f1a5a939062a997a0cdaee8a04a5ca8d0950979e28678ad507b72ef1a28d0cd
Instruction ID: 2654b34c937a05825b7504abfd44bba89144fb030a52c9de92ee7ed5d47a6233
Opcode Fuzzy Hash: 6f1a5a939062a997a0cdaee8a04a5ca8d0950979e28678ad507b72ef1a28d0cd
Instruction Fuzzy Hash: 4E018FB1A85209F7CB14EAA0C982AEFB7A89B25301F240115BD62672C2DB655E0D9672

Uniqueness

Uniqueness Score: -1.00%

Function 001651CA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 001651E8
_wcscmp.LIBCMT ref: 001651FA

Strings

#32770, xrefs: 001651F4

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: ClassName_wcscmp
String ID: #32770
API String ID: 2292705959-463685578
Opcode ID: 344c070400f209a3d698511776b422ce692d988058ae901a3434ee252829bde5
Instruction ID: 4426feedb2e504ad23c73914bd88a4178747d8786ad6e37417b01af172ce3d20
Opcode Fuzzy Hash: 344c070400f209a3d698511776b422ce692d988058ae901a3434ee252829bde5
Instruction Fuzzy Hash: 3DE0613250022C17E7109695AC45F97F7ACEF50731F00005BFD10D3040D7609A558BD0

Uniqueness

Uniqueness Score: -1.00%

Function 001581BC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 001581CA

Part of subcall function 00123598: _doexit.LIBCMT ref: 001235A2

Strings

AutoIt, xrefs: 001581BE
Error allocating memory., xrefs: 001581C3

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: Message_doexit
String ID: AutoIt$Error allocating memory.
API String ID: 1993061046-4017498283
Opcode ID: 0ccf9dcdad6616038a8bb0b1f4e81b290a51b297d47d995b26e9b0aefc70b6d9
Instruction ID: f3c283fa090a801cf9d47d479bc49083e884525103812e77704f1334299d0baa
Opcode Fuzzy Hash: 0ccf9dcdad6616038a8bb0b1f4e81b290a51b297d47d995b26e9b0aefc70b6d9
Instruction Fuzzy Hash: 46D05E323C536C36D21432B87D4BFCA7A884B25B52F204426FB18A95D38FD699D243ED

Uniqueness

Uniqueness Score: -1.00%

Function 0013B511 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 0013B564: _memset.LIBCMT ref: 0013B571

Part of subcall function 00120B84: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,0013B540,?,?,?,0010100A), ref: 00120B89

IsDebuggerPresent.KERNEL32(?,?,?,0010100A), ref: 0013B544
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0010100A), ref: 0013B553

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0013B54E

Memory Dump Source

Source File: 00000000.00000002.1644858935.0000000000101000.00000020.00000001.01000000.00000003.sdmp, Offset: 00100000, based on PE: true

Associated: 00000000.00000002.1644281695.0000000000100000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.000000000018F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1644944863.00000000001B5000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645067479.00000000001BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001C8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001CA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1645099467.00000000001D8000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_100000_Order Enquiry MX-M754N_20240207_114441.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 3158253471-631824599
Opcode ID: 5b88ca3d00d1e530f392719611a21a2311feef4c7b808ae2fb2715552f523a13
Instruction ID: bf45c49d00f9b06bd80c692f42e2793932cb389fc4e9cff798acf733fa6cf59b
Opcode Fuzzy Hash: 5b88ca3d00d1e530f392719611a21a2311feef4c7b808ae2fb2715552f523a13
Instruction Fuzzy Hash: C2E09AB42043108FD721DF28E944782BBE0AF14754F008A2DF986C3B61EBB4E984CBA1

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Order Enquiry MX-M754N_20240207_114441.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Agenttesla

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\autF562.tmp

C:\Users\user\AppData\Local\Temp\autF5B1.tmp

C:\Users\user\AppData\Local\Temp\differences

C:\Users\user\AppData\Local\Temp\myriopodous

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Windows Analysis Report
Order Enquiry MX-M754N_20240207_114441.exe

Function 00103B4C Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 153
windowCOMMON

Function 00104AFE Relevance: 10.7, APIs: 7, Instructions: 223
COMMON

Function 00104FE9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62
COMMON

Function 001693DF Relevance: 19.8, APIs: 13, Instructions: 322
fileCOMMON

Function 00103015 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 73
windowregistryCOMMON

Function 00103041 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54
windowregistryCOMMON

Function 001071EB Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Function 00103A58 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71
windowregistryCOMMON

Function 00103633 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151
windowtimeregistryCOMMON

Function 00103778 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 267
COMMON

Function 01832670 Relevance: 10.7, APIs: 7, Instructions: 239
fileCOMMON

Function 001039E7 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Function 01832410 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 154
fileCOMMON

Function 0010410D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88
windowCOMMON

Function 0012564D Relevance: 7.7, APIs: 5, Instructions: 163
COMMONLIBRARYCODE

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre