In recent years, the number of malicious software (malware) has increased rapidly, which has caused a lot of losses for individuals and businesses around the world. Understanding the intention of malware and extracting key execution behaviors will considerably help detect and defend against malware. This research proposes an automated important execution sequence behavior identification system. The recurrent neural network and self-attention mechanism are used as the basis of the architecture. It is used to analyze Windows API call invocations sequence recording at runtime, and capture the relationship between API call invocations. To automatically identify malware whether each API call invocation is a characteristic API call in malicious behavioral activity, and can respond to its malicious intentions. The proposed system contains three functional modules, namely Embedder which vectorizes API call invocations, Encoder which calculates the importance of each API call invocation in the execution profiles, and Filter which extracts important API call invocations from the malware. Through these three modules, we can establish a pipeline for malware analysis and family classification. The important API call invocations of the system output allow the security analysts to quickly know the semantic interpretation of the characteristic execution pattern and classify or cluster malware by calculating the similarity score. Compared with other methods our experiments not only prove the effectiveness of the proposed functional modules in our system but also demonstrate the system's behavioral feature recognition ability, which can classify unseen malware correctly into their family. Additionally, we visualize the important API call invocations of the malware and analyze the relationship between different behavioral patterns and family characteristic execution patterns. We found that the malware family is pluralistic, and the same behavioral patterns can exist in many different families.