Analysis Report document-47-2637.xls
Overview
General Information
Detection |
---|
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell |
Source: | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team |
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Source: | Binary string: |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | Memory has grown: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | JA3 fingerprint: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
E-Banking Fraud: |
---|
Checks if browser processes are running |
Source: | Code function: | 5_2_01156422 |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: |
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: |
Found abnormal large hidden Excel 4.0 Macro sheet |
Source: | Initial sample: |
Source: | Code function: | 5_2_01156EB1 |
Source: | Dropped File: |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | OLE indicator, Workbook stream: |
Source: | File read: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | Metadefender: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Binary string: |
Source: | Initial sample: |
Source: | Static PE information: |
Source: | Code function: | 5_2_01159878 |
Source: | File created: |
Source: | Code function: | 5_2_01153367 |
Source: | Process information set: |
Source: | Stream path 'Workbook' entropy: |
Malware Analysis System Evasion: |
---|
Contains functionality to compare user and computer (likely to detect sandboxes) |
Source: | Code function: | 5_2_01156422 |
Source: | Last function: |
Source: | Code function: | 5_2_01156EB1 |
Source: | Code function: | 5_2_01159910 |
Source: | Code function: | 5_2_01159380 |
Source: | Code function: | 5_2_011596D1 |
Source: | Code function: | 5_2_01159583 |
Source: | Code function: | 5_2_01158F20 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting2 | Application Shimming1 | Process Injection2 | Masquerading1 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution23 | Boot or Logon Initialization Scripts | Application Shimming1 | Disable or Modify Tools1 | LSASS Memory | Security Software Discovery12 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Extra Window Memory Injection1 | Process Injection2 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting2 | NTDS | File and Directory Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information11 | LSA Secrets | System Information Discovery4 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Timestomp1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Extra Window Memory Injection1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
document-47-2637.xls | 26% | Virustotal | |
document-47-2637.xls | 23% | Metadefender | |
document-47-2637.xls | 15% | ReversingLabs | Document-Office.Trojan.Heuristic |
Dropped Files |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | Metadefender | |
| 0% | ReversingLabs | |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | Virustotal | |
URLs |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | URL Reputation | safe |
| 0% | Virustotal | |
| 0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
webhub365.com | 198.244.146.96 | true | false | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
198.244.146.96 | webhub365.com | United States | | 18630 | RIDLEYSD-NETUS | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 432926 |
Start date: | 10.06.2021 |
Start time: | 23:38:13 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | document-47-2637.xls |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal84.bank.expl.evad.winXLS@6/9@1/1 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | Failed |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
198.244.146.96 | | | malicious | | |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
RIDLEYSD-NETUS | | | malicious | | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | | | malicious | | |
Dropped Files |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 134922 |
Entropy (8bit): | 5.369107251625446 |
Encrypted: | false |
SSDEEP: | 1536:KcQIKNEeBXA3gBwlpQ9DQW+z7534ZliKWXboOilX5ENLWME9:aEQ9DQW+ziXOe |
MD5: | 4885913667B0E212E6E83C9B74AF771A |
SHA1: | EFFDDE591047639F3DCF4034807D9F37A35426FE |
SHA-256: | 59756C811635EBF4C1F1794D57FC4A758E1A7A93DA0F74FDCC66C1C83AE0ABAC |
SHA-512: | ACF822176355AAFEF2A04265976B9BC65BCEC067604B359FD50B468112E85B7EB68BA17BF1EAC626D7F78B08DE190D0CE6474136F9DDF84A9BA2F2B39C245D65 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 68601 |
Entropy (8bit): | 7.6095013473066455 |
Encrypted: | false |
SSDEEP: | 768:5X3vegIg9kOKLUwxZi4IB5/vAVk/ViuHpc2HoM3DFZXHHHHHHHHHLGAX4MOw+j8j:rkNLPHqvAk/Vi6+YDT7Hbc8hxCCVl/ |
MD5: | 9F3996ECBC98180FD2BCFE840C41E4CA |
SHA1: | 30F402A14E8F22F3E9B72DA06E2419537E511281 |
SHA-256: | CCA5AA32910672FE42CB13FF0207E8E15602E3FF67D3C29044221C8718331128 |
SHA-512: | 7B3BFD8DD34674EC9E988A5EDB4FB4C5028C72C6862A634BE362A56F6F86AAD3799FFA4FB088649EC24CFE57188A1CF7E5C16BD17B1FAC599146C05369797A9A |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 904 |
Entropy (8bit): | 4.672568751401007 |
Encrypted: | false |
SSDEEP: | 12:8oSCXUVduCH2KOeLR4miS68+WrjAZ/DYbDJp5SeuSeL44t2Y+xIBjKZm:85i1S1AZbcDJpP7aB6m |
MD5: | CB5861A7C65B698B00B963BDB3A65EAE |
SHA1: | 30BD2B243AA0913959069D2B7E81E0631BCE55B7 |
SHA-256: | 11D2C94BA62AD8C8224DC0C70E330801DA0020DE457F2180FF905886F5EE79A9 |
SHA-512: | 632645EBBCB2F6B0CE3F46EF41DC8CD4E71AD18704BE52E47B33CE5B0F94C89053BD3A4BDAFBFBDF68A48F8BAB4952A725FEC40CBBE21025F551D49086AB4D3A |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2170 |
Entropy (8bit): | 4.721481944923777 |
Encrypted: | false |
SSDEEP: | 24:8MyEmiQGNAobv1DJpf7aB6myMyEmiQGNAobv1DJpf7aB6m:8Mgi1Go7PQB6pMgi1Go7PQB6 |
MD5: | 5940923A2A431724DABE37F3633871D0 |
SHA1: | 2509A2D6150538B6B238C22023F6A4C1CAD3BCF6 |
SHA-256: | AD29413158F192C2C3425D01B987D4B547FC1F2CE05F1C97AF92962DB2F5279B |
SHA-512: | 481B7908EFDD5174A8FBA30AD8AC57D77F2789DBEEE832EBA99CF834A515E189DF36E5260442671E28088A0C91668D82A25BBDB936E467163BF5C2355B087726 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 101 |
Entropy (8bit): | 4.781102818999889 |
Encrypted: | false |
SSDEEP: | 3:oyBVomMY9LRkKSd6YCZELRkKSd6YCmMY9LRkKSd6YCv:dj6Y9LaJdzgELaJdzUY9LaJdzs |
MD5: | CC574425794FB97F59C2DC249939493A |
SHA1: | 8CA2DFD4C2535E0FFEB160319D2CD079758B7F8D |
SHA-256: | 1D977854F9C0DDF7462B6991CA2B6026C4FFCAF52F158A2C7B81B8FBEE5E35F0 |
SHA-512: | 6C9C7CAFA742354DB174653D4C1CF9521AC10C67177FB2E26A85AE1267F1A45094BD1F1AE3C0B53836D5210F6083906F17C26A28A197D0CCF2F76D7447272E43 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 2.9808259362290785 |
Encrypted: | false |
SSDEEP: | 3:QAlX0Gn:QKn |
MD5: | 7962B839183642D3CDC2F9CEBDBF85CE |
SHA1: | 2BE8F6F309962ED367866F6E70668508BC814C2D |
SHA-256: | 5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6 |
SHA-512: | 2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342 |
Malicious: | false |
Reputation: | high, very likely benign file |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 117445 |
Entropy (8bit): | 7.924149420001192 |
Encrypted: | false |
SSDEEP: | 3072:UfgagkFMp1lsZaVV6zBiA2AiuLKli2LKefgag2:0xFCLPVV+BiA2Ai0uicDd |
MD5: | 40F42EC6AF84151ABC504FB591A42BD4 |
SHA1: | 13504B444A7127A12C99F75D389D8BE78F607811 |
SHA-256: | 4342F4D6263F70D2BEC42C6D8CC1E6F23811C416265FBBF688D8D2F1AA2C5BFF |
SHA-512: | 52B8B4DACF29DDA70A1C63FA16F7B6D9363DC852FC9D2C4BD381DBB8C6694A131CD5D19697B45293BD5E07CA399A422EED48FDD48D7B0177C1398086F9344451 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 99740 |
Entropy (8bit): | 7.929925379753235 |
Encrypted: | false |
SSDEEP: | 1536:n6hF9uwbh8+yV1jngo7mfk9mjhjAefouRA+VkV43RBVCOG6hFouT:nWuihUJngIQjAehZVkqbsjuT |
MD5: | BA34233274FF56530F9141B9F5B5FF43 |
SHA1: | 974F24CCD4BEE89423AF7B4ABB09537605AFD1A3 |
SHA-256: | D79872EFE978946ADD8D6DD0848835F0A365B69F588C0FA52F744B88FC1D10F7 |
SHA-512: | A27822A9DE321CE36E0BA71AEF683CCF429F43B9DBA216E086EBF186A8A037AE2DA45C0E97CCA5F6C240FE43DF173668DCA673CA6957F371C8BA42653461B8FF |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44544 |
Entropy (8bit): | 6.190125674423799 |
Encrypted: | false |
SSDEEP: | 768:AAMBmP3+XxLKZ/XMsQt1TZPImKXPXtE6MayeDkX0PmfkPchaDPfsRi7P4QG64iuU:UsP3+XxLKZ/XMsQt1TZPImKXPdfDkXSZ |
MD5: | CE639EB63B7C1C1EC94651B65CCEC383 |
SHA1: | B92544ED405C33F2DB64A0BCA41646CB712E246B |
SHA-256: | 2D2EAD13B2796AD58D070DC1FD36961866F25E1E436661C760A879EAC35982F9 |
SHA-512: | 66E841C9DF0D17AB1A1C866A96769AD0F4F8329C94EDB2917648FB4FF76E7A47C479A60A0D05293136843EC5BA938B0CEB96190BEE01AE049A467BDA45CB4566 |
Malicious: | true |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.59086745125602 |
TrID: |
File name: | document-47-2637.xls |
File size: | 92165 |
MD5: | 92dcc47a1a044fc3a2328ec6eef3918b |
SHA1: | 6f9266a6c0b702cbaa0a3583df5c8cd1357eae35 |
SHA256: | ac4b99079b1ceb11db593097e421de9d9092765feedc23a3ab8ef912b292c988 |
SHA512: | fcd4b7c0a4e0f785604f40e0a9a4690e9b642223ee63088c6c4acfc262a18f5a79c77ab82498b422b229eaecc9a2e745b7e455c43ad2a85794e7adbac6b9bafd |
SSDEEP: | 1536:Lc2ZSmXWCQnp2c90Hg+j8z3kVfKIDVzoFGUslIB54N+wl8MYBzaVt4J5aukGqu:LXZxXTQ8hHgNQNeF3V4NvuhBzaV+J5a+ |
File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
File Icon |
---|
Icon Hash: | 74ecd4c6c3c6c4d8 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "document-47-2637.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Summary | |
---|---|
Code Page: | 1252 |
Author: | WindowsUser (blank in the extracted table; read from the \x5SummaryInformation stream dump below, where property 0x04 is the first "WindowsUser" string) |
Last Saved By: | WindowsUser (same source, property 0x08) |
Create Time: | 2021-06-02 13:40:34 |
Last Saved Time: | 2021-06-02 13:40:36 |
Creating Application: | Microsoft Excel (same source, property 0x12; matches Application Name above) |
Security: | 1 (PIDSI_DOC_SECURITY bit 0x1 = password protected; consistent with Encrypted Document: True above) |
Document Summary | |
---|---|
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Company: | |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 983040 (0x000F0000: major version 15, minor 0) |
Streams |
---|
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.308022095077 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . i . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 ec 00 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 64 00 00 00 0b 00 00 00 6c 00 00 00 10 00 00 00 74 00 00 00 13 00 00 00 7c 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 8c 00 00 00 0c 00 00 00 a5 00 00 00 |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.316312415339 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . W i n d o w s U s e r . . . . . . . . . . . . W i n d o w s U s e r . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . . . . W . . @ . . . . . . . . W . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 b0 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 60 00 00 00 12 00 00 00 78 00 00 00 0c 00 00 00 90 00 00 00 0d 00 00 00 9c 00 00 00 13 00 00 00 a8 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 10 00 00 00 |
Stream Path: Workbook, File Type: BIFF8 Workbook stream (libmagic label: Applesoft BASIC program data, first line number 16), Stream Size: 81910 |
---|
General | |
---|---|
Stream Path: | Workbook |
File Type: | BIFF8 Workbook stream. The "Applesoft BASIC program data, first line number 16" label is libmagic matching on the leading bytes. The Data Raw below starts with a BOF record (type 0x0809, length 0x10, BIFF version 0x0600, stream type 0x0005 = workbook globals) immediately followed by a FILEPASS record (type 0x002F, length 0x36) with wEncryptionType 0x0001 and version 1.1, i.e. the standard RC4 scheme with a 16-byte salt, encrypted verifier and encrypted verifier hash. That is the record behind Encrypted Document: True above. |
Stream Size: | 81910 |
Entropy: | 7.97723236264 (record bodies after FILEPASS are ciphertext, which is why the entropy is close to 8) |
Base64 Encoded: | True (heuristic flag; the stream is encrypted binary, not base64 text) |
Data ASCII: | . . . . . . . . T 8 . . . . . . . . . . / . 6 . . . . . . . . j . . . _ . W > N . B . . [ . . . . . . D . G . . . . 9 s < D l . o . b . 3 . ^ K W . ~ . U . . . . . . . . . . . h . . . . . \\ . p . i . . v . / . . . . B . 7 r . n . S . $ . 4 f . 7 . U . . e . Y k . . . L Q . . o N . . . . $ a . 7 Q . . . u . s . X U . ^ . . . . . . K . C d . . . l . ? . & . C . . . . . . . . v . . . . . 4 ; / . . . . 6 4 = . . . . . . B . . . . I a . . . . D . . . . = . . . . # . c . . . . h . . . . . s R . . . . . . . . . . |
Data Raw: | 09 08 10 00 00 06 05 00 54 38 cd 07 c1 c0 01 00 06 07 00 00 2f 00 36 00 01 00 01 00 01 00 02 6a df 82 8f 5f f7 57 3e 4e 18 42 a0 92 5b 1d e8 95 bd ea b2 44 89 47 13 ad c8 06 39 73 3c 44 6c 0c 6f cd 62 dc 33 7f 5e 4b 57 2e 7e e6 55 cf e1 00 02 00 b0 04 c1 00 02 00 68 a6 e2 00 00 00 5c 00 70 00 69 b6 c9 76 af 2f 14 b1 ed d6 42 f4 37 72 10 6e cc 53 fc 24 ef 34 66 18 37 82 55 80 f5 65 |
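The record layout just described can be checked against the 128 bytes printed under Data Raw. The Python below is an added example written for this page; it is neither Joe Sandbox output nor code from the sample. It walks BIFF8 record headers (2-byte type, 2-byte length, little endian), decodes the BOF and FILEPASS bodies and flags the record that runs past the end of the excerpt. The byte string is copied from the Data Raw line above; record and stream-type names are the ones from MS-XLS for the records met here.

```python
import struct

# The 128 bytes printed under "Data Raw" for the Workbook stream in this report.
WORKBOOK_HEAD = bytes.fromhex(
    "09 08 10 00 00 06 05 00 54 38 cd 07 c1 c0 01 00 06 07 00 00 2f 00 36 00 "
    "01 00 01 00 01 00 02 6a df 82 8f 5f f7 57 3e 4e 18 42 a0 92 5b 1d e8 95 "
    "bd ea b2 44 89 47 13 ad c8 06 39 73 3c 44 6c 0c 6f cd 62 dc 33 7f 5e 4b "
    "57 2e 7e e6 55 cf e1 00 02 00 b0 04 c1 00 02 00 68 a6 e2 00 00 00 5c 00 "
    "70 00 69 b6 c9 76 af 2f 14 b1 ed d6 42 f4 37 72 10 6e cc 53 fc 24 ef 34 "
    "66 18 37 82 55 80 f5 65"
)

# Record type numbers and BOF stream types from MS-XLS; only the ones met here are listed.
RECORD_NAMES = {0x0809: "BOF", 0x002F: "FILEPASS", 0x00E1: "INTERFACEHDR",
                0x00C1: "MMS", 0x00E2: "INTERFACEEND", 0x005C: "WRITEACCESS"}
BOF_STREAM_TYPES = {0x0005: "workbook globals", 0x0010: "worksheet",
                    0x0020: "chart", 0x0040: "Excel 4.0 macro sheet"}


def parse_biff_records(data):
    """Walk BIFF8 records: 2-byte type, 2-byte length (little endian), then the body.
    Returns (type, declared_length, body, truncated) tuples; a record whose body runs
    past the end of the buffer is flagged truncated instead of raising."""
    records, off = [], 0
    while off + 4 <= len(data):
        rtype, rlen = struct.unpack_from("<HH", data, off)
        body = data[off + 4:off + 4 + rlen]
        records.append((rtype, rlen, body, len(body) < rlen))
        off += 4 + rlen
    return records


def describe_bof(body):
    vers, dt = struct.unpack_from("<HH", body, 0)
    return {"biff_version": vers, "stream_type": BOF_STREAM_TYPES.get(dt, hex(dt))}


def describe_filepass(body):
    """FILEPASS body: wEncryptionType, then scheme-specific fields.
    0x0000 = XOR obfuscation (16-bit key and hash); 0x0001 = RC4, where version 1.1 is
    the 'standard' scheme: 16-byte salt, EncryptedVerifier, EncryptedVerifierHash."""
    enc_type = struct.unpack_from("<H", body, 0)[0]
    if enc_type == 0:
        key, hsh = struct.unpack_from("<HH", body, 2)
        return {"scheme": "XOR obfuscation", "key": key, "hash": hsh}
    vmajor, vminor = struct.unpack_from("<HH", body, 2)
    if (vmajor, vminor) == (1, 1):
        return {"scheme": "RC4 (standard)", "salt": body[6:22].hex(),
                "verifier": body[22:38].hex(), "verifier_hash": body[38:54].hex()}
    return {"scheme": "RC4 CryptoAPI", "version": (vmajor, vminor)}


def encryption_summary(data):
    """Record sequence plus what the BOF and FILEPASS records say about the stream."""
    recs = parse_biff_records(data)
    out = {"records": [RECORD_NAMES.get(t, hex(t)) for t, _, _, _ in recs],
           "encrypted": False,
           "truncated_tail": bool(recs) and recs[-1][3]}
    for rtype, _, body, truncated in recs:
        if truncated:
            continue  # do not decode a body we only have part of
        if rtype == 0x0809:
            out["bof"] = describe_bof(body)
        elif rtype == 0x002F:
            out["encrypted"] = True
            out["filepass"] = describe_filepass(body)
    return out


if __name__ == "__main__":
    for key, value in encryption_summary(WORKBOOK_HEAD).items():
        print(f"{key}: {value}")
```

Run against the excerpt, the record sequence is BOF, FILEPASS, INTERFACEHDR, MMS, INTERFACEEND and a truncated WRITEACCESS, and the FILEPASS body carries the salt 026adf82... shown in the dump. The salt, verifier and verifier hash are what a password check is computed against: Excel opens a workbook without prompting when the well-known default password VelvetSweatshop verifies, a trick common in XLM maldocs, but this report does not state which password the sample uses, so that is something to test (for example with msoffcrypto-tool) rather than a finding of this page.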
Macro 4.0 Code |
---|
,!,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,?,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,L,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,!,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,x,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,mxUXwaSU= $N$84&$X$102&$K$324&$C$460&$M$83&$K$324&$N$447&$I$336&$X$102&$K$324&$X$82&$M$83&$U$271&$X$102&$V$246&$X$462,,,,,,,,,,,,,,,,,,,,,,id9nB5my= $W$367,,,,,,,,,,,,,,,,,,,,,,=$F$105(),,,,,,,,,,,,,,,,,,,,,,=RUN($K$351),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,M,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,s,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,mxUXwaSU= $H$409&$H$409&$N$84&$N$84&$N$84&$N$84&$H$409,,,,,,,,,,,,,,,,,,,,,,id9nB5my= 
$Y$71,,,,,,,,,,,,,,,,,,,,,,=$F$105(),,,,,,,,,,,,,,,,,,,,,,=RUN($I$385),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,\,,,,,,,,,,,,,,,,,,,,,,,Z,,,,,,,,,,,,,,,,,,,,,,,,,,,,,c,,,,,,,,,,,t,,,,,,,,,,,,,,,,,,,,,,,C,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,!,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,r,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=RETURN(FORMULA.FILL(mxUXwaSU,id9nB5my))",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,d,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,q,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,/,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, 
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,F,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,I,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,n,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,E,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,mxUXwaSU= $F$204&$H$481&$K$324&$N$11&$N$11&$E$78&$I$228,,,,,,,,,,,,,,,,,,,,,,id9nB5my= $D$167,,,,,,,,,,,,,,,,,,,,,,=$F$105(),,,,,,,,,,,,,,,,,,,,,,=RUN($R$247),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,!,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
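The dump above is one sheet row per line with every empty cell rendered as a comma, so the macro logic is hard to read. What is visible is a repeated four-cell pattern: the name mxUXwaSU is set to a concatenation of scattered cell references, id9nB5my is set to a target cell, $F$105() is called, and RUN() executes a cell; a separate cell holds the sub =RETURN(FORMULA.FILL(mxUXwaSU,id9nB5my)), which writes the assembled text into the target cell as a live formula. The formula text therefore never exists in the file, only its fragments do, which is why the static indicators above report Contains VBA Macros: False while the System Behavior section below still lists cmd.exe (23:39:08) and C:\aZ8ThU0Y\ERdZMUem\nnAzot.exe (23:39:10) after EXCEL.EXE (23:39:03), with the TLS connection to 198.244.146.96 at 23:39:07 in between. The Python below is an added example for this page, not part of the report or of the sample: it parses a condensed copy of the dump (the runs of empty cells are collapsed, which makes the input a constructed one; the formulas themselves are verbatim), groups the formulas into builder blocks and counts fragment reuse. The contents of the fragment cells (N84, K324, ...) are not on this page, so the assembled commands cannot be recovered from it.

```python
import csv
import io
import re

# Condensed copy of the "Macro 4.0 Code" dump printed in this report (constructed input:
# the long runs of empty cells are collapsed to a few commas; the formulas and the
# one-character junk cells around them are verbatim).
MACRO_DUMP = (
    ",!,,,,l,,?,,,L,,"
    "mxUXwaSU= $N$84&$X$102&$K$324&$C$460&$M$83&$K$324&$N$447&$I$336&$X$102"
    "&$K$324&$X$82&$M$83&$U$271&$X$102&$V$246&$X$462,,"
    "id9nB5my= $W$367,,=$F$105(),,=RUN($K$351),,,M,,s,,"
    "mxUXwaSU= $H$409&$H$409&$N$84&$N$84&$N$84&$N$84&$H$409,,"
    "id9nB5my= $Y$71,,=$F$105(),,=RUN($I$385),,3,,\\,,Z,,"
    "\"=RETURN(FORMULA.FILL(mxUXwaSU,id9nB5my))\",,d,,q,,/,,F,,I,,"
    "mxUXwaSU= $F$204&$H$481&$K$324&$N$11&$N$11&$E$78&$I$228,,"
    "id9nB5my= $D$167,,=$F$105(),,=RUN($R$247),,!"
)

NAME_ASSIGN = re.compile(r"^(\w+)=\s*(.+)$")        # defined name := expression
CELL_REF = re.compile(r"\$([A-Z]+)\$(\d+)")         # absolute reference such as $K$324
SUB_CALL = re.compile(r"^=(\$[A-Z]+\$\d+)\(\)$")     # =$F$105()  calls the sub stored at F105
RUN_CALL = re.compile(r"^=RUN\((\$[A-Z]+\$\d+)\)$")  # =RUN($K$351) executes a cell as a macro


def cells_from_dump(dump):
    """Split one dumped sheet row into its non-empty cells. csv.reader is used so the
    quoted RETURN(FORMULA.FILL(...)) cell is not split at the comma inside it."""
    row = next(csv.reader(io.StringIO(dump)))
    return [c.strip() for c in row if c.strip()]


def refs(expr):
    """Cell references in an expression, in order, as plain 'K324' style names."""
    return [col + row for col, row in CELL_REF.findall(expr)]


def find_builders(cells):
    """Group the repeating four-step pattern into builder blocks:
         <name>= <refs joined with &>   formula text assembled from fragment cells
         <name>= <cell>                 where FORMULA.FILL will write that text
         =$F$105()                      call the sub that performs the FORMULA.FILL
         =RUN(<cell>)                   execute a cell as a macro
    Everything else (the sub itself, junk cells) is skipped."""
    fcells = [c for c in cells if "=" in c]
    builders, i = [], 0
    while i + 3 < len(fcells):
        m_text = NAME_ASSIGN.match(fcells[i])
        m_target = NAME_ASSIGN.match(fcells[i + 1])
        m_sub = SUB_CALL.match(fcells[i + 2])
        m_run = RUN_CALL.match(fcells[i + 3])
        if m_text and m_target and m_sub and m_run and "&" in m_text.group(2):
            builders.append({
                "text_name": m_text.group(1), "fragments": refs(m_text.group(2)),
                "target_name": m_target.group(1), "target": refs(m_target.group(2))[0],
                "sub": refs(m_sub.group(1))[0], "run": refs(m_run.group(1))[0],
            })
            i += 4
        else:
            i += 1
    return builders


def fragment_reuse(builders):
    """How often each fragment cell is referenced across all builders, most used first.
    Cells reused by unrelated formulas are the attacker's fragment alphabet, not data."""
    counts = {}
    for b in builders:
        for r in b["fragments"]:
            counts[r] = counts.get(r, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    blocks = find_builders(cells_from_dump(MACRO_DUMP))
    for b in blocks:
        print(f"{len(b['fragments'])} fragments -> FORMULA.FILL into {b['target']} "
              f"via sub {b['sub']}, then RUN({b['run']})")
    print("fragment reuse:", fragment_reuse(blocks))
```

Three builder blocks come out, each filling a different cell (W367, Y71, D167) and then running a different one (K351, I385, R247), so execution chains through cells this dump does not show. The reuse counts (N84 five times, K324 four times, X102 and H409 three times, across three short formulas) are the signature of a per-character or per-token fragment alphabet; with the decrypted workbook in hand, dumping those cells is the shortest path to the assembled command line.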
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 10, 2021 23:39:07.758977890 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:39:07.814593077 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:39:07.814827919 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:39:07.815645933 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:39:07.870667934 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:39:07.871705055 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:39:07.871733904 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:39:07.871757030 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:39:07.871773958 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:39:07.871809959 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:39:07.871840000 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:39:07.871850014 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:39:07.875941038 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:39:07.876013041 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:39:07.889168978 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:39:07.948826075 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:39:07.949002028 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:39:07.949609995 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:39:08.047010899 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:39:08.129976034 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:39:08.130068064 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:40:23.176129103 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:40:23.176176071 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:40:23.176424026 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:40:54.416600943 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:40:54.416651011 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
Jun 10, 2021 23:40:54.471982002 CEST | 443 | 49736 | 198.244.146.96 | 192.168.2.4 |
Jun 10, 2021 23:40:54.472306013 CEST | 49736 | 443 | 192.168.2.4 | 198.244.146.96 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 10, 2021 23:38:52.967205048 CEST | 54531 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:38:53.029515982 CEST | 53 | 54531 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:38:53.091182947 CEST | 49714 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:38:53.141277075 CEST | 53 | 49714 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:38:53.899147034 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:38:53.949414968 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:38:55.018290997 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:38:55.081427097 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:38:55.103068113 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:38:55.157798052 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:38:55.968286991 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:38:56.028430939 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:38:57.970202923 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:38:58.023649931 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:03.437601089 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:03.490520000 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:04.416615009 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:04.516530991 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:04.961870909 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:05.033673048 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:05.919765949 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:05.969824076 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:06.014739037 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:06.088699102 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:07.061800003 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:07.120498896 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:07.696746111 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:07.756989002 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:08.098918915 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:08.149171114 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:08.868616104 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:08.932203054 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:09.108942032 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:09.161076069 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:09.714025974 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:09.767750025 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:10.686068058 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:10.736035109 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:11.658345938 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:11.717427969 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:12.518906116 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:12.569057941 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:13.204545021 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:13.263603926 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:13.651770115 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:13.710468054 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:16.330972910 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:16.381169081 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:17.101145983 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:17.154200077 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:17.867068052 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:17.917368889 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:18.687213898 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:18.740266085 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:19.499142885 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:19.560852051 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:22.964379072 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:23.028353930 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:37.752346039 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:37.890376091 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:38.459012032 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:38.692450047 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:38.839421988 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:38.910661936 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:39.287220001 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:39.348902941 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:39.869817972 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:39.931515932 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:40.743299961 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:40.804954052 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:41.466109991 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:41.528162956 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:42.488322020 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:42.548993111 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:43.587331057 CEST | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:43.649781942 CEST | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:44.450370073 CEST | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:44.510262012 CEST | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:45.030211926 CEST | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:45.091671944 CEST | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:48.179131031 CEST | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:48.229815960 CEST | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:58.221915960 CEST | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:58.278551102 CEST | 52752 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:39:58.300194025 CEST | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:39:58.347940922 CEST | 53 | 52752 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:40:00.832252026 CEST | 60542 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:40:00.892834902 CEST | 53 | 60542 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:40:34.100034952 CEST | 60689 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:40:34.169770002 CEST | 53 | 60689 | 8.8.8.8 | 192.168.2.4 |
Jun 10, 2021 23:40:35.246970892 CEST | 64206 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 10, 2021 23:40:35.305468082 CEST | 53 | 64206 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jun 10, 2021 23:39:07.696746111 CEST | 192.168.2.4 | 8.8.8.8 | 0x412 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jun 10, 2021 23:39:07.756989002 CEST | 8.8.8.8 | 192.168.2.4 | 0x412 | No error (0) | | | 198.244.146.96 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jun 10, 2021 23:39:07.875941038 CEST | 198.244.146.96 | 443 | 192.168.2.4 | 49736 | CN=webhub365.com | CN=R3, O=Let's Encrypt, C=US | Tue Jun 08 19:53:43 CEST 2021 (two days before this analysis) | Mon Sep 06 19:53:43 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
(chain, intermediate) | | | | | CN=R3, O=Let's Encrypt, C=US | CN=ISRG Root X1, O=Internet Security Research Group, C=US | Fri Sep 04 02:00:00 CEST 2020 | Mon Sep 15 18:00:00 CEST 2025 | | |
(chain, cross-signed root) | | | | | CN=ISRG Root X1, O=Internet Security Research Group, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Wed Jan 20 20:14:03 CET 2021 | Mon Sep 30 20:14:03 CEST 2024 | | |
System Behavior |
---|
General |
---|
Start time: | 23:39:03 |
Start date: | 10/06/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfd0000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 23:39:08 |
Start date: | 10/06/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 23:39:08 |
Start date: | 10/06/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 23:39:10 |
Start date: | 10/06/2021 |
Path: | C:\aZ8ThU0Y\ERdZMUem\nnAzot.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1150000 |
File size: | 44544 bytes |
MD5 hash: | CE639EB63B7C1C1EC94651B65CCEC383 (same size and MD5 as the file dropped by C:\Windows\SysWOW64\cmd.exe in the dropped-files list above, SHA-256 2D2EAD13B2796AD58D070DC1FD36961866F25E1E436661C760A879EAC35982F9, which that list marks Malicious: true) |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: | |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
All function addresses below lie inside the image of C:\aZ8ThU0Y\ERdZMUem\nnAzot.exe (Imagebase 0x1150000 in System Behavior above). Uniqueness Score is -1.00% for every function listed.
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
01153367 | 71.9 | 21 | 20 | 160 | libraryloader, COMMON | 88% |
01159380 | 1.5 | 1 | | 4 | COMMON | 100% |
011559D4 | 47.6 | 19 | 8 | 308 | memory, COMMON | 26% |
01159083 | 10.6 | 7 | | 99 | sleep, COMMON | 42% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
01156422 | 91.2 | 27 | 25 | 248 | COMMON | |
(address not captured) | | | | | | 100% |
011596D1 | 6.0 | 4 | | 13 | COMMON | 100% |
01159910 | 2.5 | 2 | | 32 | memory, COMMON | 100% |
01158F20 | 1.5 | 1 | | 6 | COMMON | 100% |
01154B60 | 37.0 | 6 | 15 | 278 | file, COMMON | 96% |
01156A55 | 26.4 | 2 | 13 | 173 | windowthread, COMMON | 33% |
0115441E | 21.1 | 4 | 8 | 113 | filelibrary, COMMON | 52% |
01154181 | 18.2 | 3 | 9 | 167 | string, COMMON | 78% |
011556A6 | 17.7 | 5 | 5 | 153 | file, COMMON | 89% |
(address not captured) | | | | | | 24% |
0115748E | 15.9 | 8 | 1 | 101 | synchronization, COMMON | 100% |
01156275 | 12.3 | 4 | 3 | 88 | registry, COMMON | 71% |
01156106 | 7.6 | 5 | | 108 | COMMON | 91% |
(address not captured) | | | | | | 69% |
01157B77 | 7.0 | 2 | 2 | 39 | libraryloader, COMMON | |
(address not captured) | | | | | | 78% |
01155F98 | 6.1 | 4 | | 59 | file, COMMON | 94% |
01158F80 | 6.0 | 4 | | 47 | COMMON | 100% |
011589B0 | 5.4 | 2 | 1 | 119 | synchronization, COMMON | 54% |
(address not captured) | | | | | | 97% |
01159900 | 5.1 | 4 | | 85 | memory, COMMON | 38% |
01158B18 | 5.1 | 4 | | 83 | memory, COMMON | 37% |
01157798 | 5.0 | 4 | | 36 | memory, COMMON | 100% |