diff --git a/modules/processing/behavior.py b/modules/processing/behavior.py
index ceb039bb5df..6c5de60d74e 100644
--- a/modules/processing/behavior.py
+++ b/modules/processing/behavior.py
@@ -355,8 +355,8 @@ def _parse(self, row):
 if (
 api_name == "DllLoadNotification"
 and len(arguments) == 3
- and arguments[0].get("value", "") == "load"
 and arguments[-1].get("name", "") == "DllBase"
+ and arguments[0].get("value", "") == "load"
 and "DllBase" not in self.environdict
 and _clean_path(arguments[1]["value"], self.options.replace_patterns) in self.environdict.get("CommandLine", "")
 ):
diff --git a/web/templates/analysis/index.html b/web/templates/analysis/index.html
index 6b7d847bcd1..a4f0a2cf73c 100644
--- a/web/templates/analysis/index.html
+++ b/web/templates/analysis/index.html
@@ -36,7 +36,7 @@
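Review bot: In the `DllLoadNotification` condition of `_parse`, `arguments[1]["value"]` is indexed directly while the two neighbouring checks use `.get(..., "")`, so a row whose second argument lacks a `value` key would raise `KeyError` instead of simply not matching. These rows presumably come from the behaviour log of the analysed sample, so malformed entries should be tolerated. The last clause is a substring test against `self.environdict.get("CommandLine", "")`, which is true for an empty string, so if `_clean_path` can return `""` the branch would match any load event. Adding a guard clause such as `and arguments[1].get("value")` before the `_clean_path(...)` line covers the missing-key case and the empty-input case; an empty result from `_clean_path` itself would still need checking. The reorder only changes short-circuit order, so a one-line comment saying why the `DllBase` name is tested first would help; the body of the `if` lies outside the hunk.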
Recent Files
{% if files %} - +
diff --git a/web/templates/analysis/search.html b/web/templates/analysis/search.html
index 402ea19fea2..1c0ff09bfae 100644
--- a/web/templates/analysis/search.html
+++ b/web/templates/analysis/search.html
@@ -13,7 +13,7 @@

ElasticSearch queries do not use a prefix. ie: '*windows.*' would match 'time.windows.com'

For MD5, SHA1, SHA3 SHA256 and SHA512 no prefix is needed(will match any file generated by this analysis as binary/dropped/CAPEdump/etc).

-
ID
+
Prefix