Attempts to connect to a dead IP:Port (1 unique times) Show sources
| network_host_ip | 127.0.0.1:7000 |
Sniffs keystrokes Show sources
| api_process_name | Process: server.exe(2436) |
Creates RWX memory Show sources
| injection_rwx_memory | 0x00000040, NtAllocateVirtualMemory or VirtualProtectEx |
Drops a binary and executes it Show sources
| file_dropped | C:\Users\user\Desktop\server.exe |
Creates a copy of itself Show sources
| file | C:\Users\user\Desktop\server.exe |
A process attempted to delay the analysis task. Show sources
| api_process_name | server.exe tried to sleep 524 seconds, actually delayed analysis time by 0 seconds |