Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	April 24, 2021, 5:57 p.m.	April 24, 2021, 6:04 p.m.

Size	1.1MB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`bcdb8892ade3fbcef1e017b8c8acca6a`
SHA256	`0b1d65243616e6e7dd9804775739f945cc67e80018a9584139efc45698a20185`
CRC32	`DEE4FF4C`
ssdeep	`24576:5r+fVBkzxJ7RY/uuTkA+94dP2Qm4VltHR6bPYEH/e0HdD:t+fVBUxJ7S/3Tn+94dP2Qm4VXxePYeHZ`
PDB Path	c:\Wash\Lone\Engine\lea\Job O\bad.pdb
Yara	PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description) IsDLL - (no description) IsWindowsGUI - (no description) HasDebugData - DebugData Check win_files_operation - Affect private profile Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ze6p62.zip.dll,Bearmass
6988
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ze6p62.zip.dll,Caselist
5656
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ze6p62.zip.dll,CommonWash
8948
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ze6p62.zip.dll,Heregather
6200
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ze6p62.zip.dll,Melodycross
668
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ze6p62.zip.dll,Woodgirl
1608
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\ze6p62.zip.dll,
1036

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

c:\Wash\Lone\Engine\lea\Job O\bad.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

One or more processes crashed (50 out of 222 events)

Time & API	Arguments	Status
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158628 registers.edi: 6695896 registers.eax: 2000478246 registers.ebp: 2000552521 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1970405376 registers.ecx: 66040	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 16 registers.eax: 2000478246 registers.ebp: 34670544 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 15 registers.eax: 2000478246 registers.ebp: 34670560 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 14 registers.eax: 2000478246 registers.ebp: 34670576 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 13 registers.eax: 2000478246 registers.ebp: 34670592 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 12 registers.eax: 2000478246 registers.ebp: 34670608 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 11 registers.eax: 2000478246 registers.ebp: 34670624 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 10 registers.eax: 2000478246 registers.ebp: 34670640 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 9 registers.eax: 2000478246 registers.ebp: 34670656 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 8 registers.eax: 2000478246 registers.ebp: 34670672 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 7 registers.eax: 2000478246 registers.ebp: 34670688 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 34670704 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 5 registers.eax: 2000478246 registers.ebp: 34670720 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 4 registers.eax: 2000478246 registers.ebp: 34670736 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 3 registers.eax: 2000478246 registers.ebp: 34670752 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 2 registers.eax: 2000478246 registers.ebp: 34670768 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158604 registers.edi: 1 registers.eax: 2000478246 registers.ebp: 34670784 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: DllRegisterServer+0xcbc7 ze6p62+0x16937 @ 0x72076937 exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2157800 registers.edi: 12 registers.eax: 2000478246 registers.ebp: 2158872 registers.edx: 23 registers.ebx: 2158888 registers.esi: 23 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158856 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 96784 registers.edx: 827898 registers.ebx: 0 registers.esi: 282 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 16 registers.edx: 0 registers.ebx: 64 registers.esi: 34674024 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 15 registers.edx: 0 registers.ebx: 64 registers.esi: 34674048 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 14 registers.edx: 0 registers.ebx: 64 registers.esi: 34674072 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 13 registers.edx: 0 registers.ebx: 64 registers.esi: 34674096 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 12 registers.edx: 0 registers.ebx: 64 registers.esi: 34674120 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 11 registers.edx: 0 registers.ebx: 64 registers.esi: 34674144 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 10 registers.edx: 0 registers.ebx: 64 registers.esi: 34674168 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 9 registers.edx: 0 registers.ebx: 64 registers.esi: 34674192 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 8 registers.edx: 0 registers.ebx: 64 registers.esi: 34674216 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 7 registers.edx: 0 registers.ebx: 64 registers.esi: 34674240 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 6 registers.edx: 0 registers.ebx: 64 registers.esi: 34674264 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 5 registers.edx: 0 registers.ebx: 64 registers.esi: 34674288 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 4 registers.edx: 0 registers.ebx: 64 registers.esi: 34674312 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 3 registers.edx: 0 registers.ebx: 64 registers.esi: 34674336 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 2 registers.edx: 0 registers.ebx: 64 registers.esi: 34674360 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2158832 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 1 registers.edx: 0 registers.ebx: 64 registers.esi: 34674384 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: RtlUlonglongByteSwap+0x7a9 RtlFreeOemString-0x21131 ntdll+0x7db99 @ 0x7741db99 WinSqmAddToStreamEx+0x5e8 RtlDestroyMemoryZone-0x1c7 ntdll+0x6c0fc @ 0x7740c0fc LdrUnloadDll+0x4a RtlDosPathNameToRelativeNtPathName_U-0x419 ntdll+0x41221 @ 0x773e1221 New_ntdll_LdrUnloadDll@4+0x94 New_ntdll_NtAllocateVirtualMemory@24-0xc2 @ 0x729bd61a FreeLibrary+0x15 GetModuleFileNameA-0x7d kernelbase+0x11da7 @ 0x76a81da7 rundll32+0x24b0 @ 0x4e24b0 rundll32+0x12e8 @ 0x4e12e8 rundll32+0x1901 @ 0x4e1901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0xade8cb8b registers.esp: 2160092 registers.edi: 6695768 registers.eax: 0 registers.ebp: 2160120 registers.edx: 2001346688 registers.ebx: 2917714827 registers.esi: 2160108 registers.ecx: 17	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 8b 47 04 ff 80 b8 00 00 00 8b 57 04 83 82 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0xe072 ze6p62+0x17de2 exception.address: 0x72077de2 registers.esp: 2158332 registers.edi: 2158368 registers.eax: 1970591746 registers.ebp: 1970405376 registers.edx: 115 registers.ebx: 6713864 registers.esi: 2001356580 registers.ecx: 16	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421828 registers.edi: 6761432 registers.eax: 2000478246 registers.ebp: 2000552521 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1970405376 registers.ecx: 66040	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421804 registers.edi: 16 registers.eax: 2000478246 registers.ebp: 32835536 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421804 registers.edi: 15 registers.eax: 2000478246 registers.ebp: 32835552 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421804 registers.edi: 14 registers.eax: 2000478246 registers.ebp: 32835568 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421804 registers.edi: 13 registers.eax: 2000478246 registers.ebp: 32835584 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421804 registers.edi: 12 registers.eax: 2000478246 registers.ebp: 32835600 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421804 registers.edi: 11 registers.eax: 2000478246 registers.ebp: 32835616 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421804 registers.edi: 10 registers.eax: 2000478246 registers.ebp: 32835632 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421804 registers.edi: 9 registers.eax: 2000478246 registers.ebp: 32835648 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421804 registers.edi: 8 registers.eax: 2000478246 registers.ebp: 32835664 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421804 registers.edi: 7 registers.eax: 2000478246 registers.ebp: 32835680 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421804 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 32835696 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ April 24, 2021, 5:58 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec ze6p62+0x1105c exception.address: 0x7207105c registers.esp: 2421804 registers.edi: 5 registers.eax: 2000478246 registers.ebp: 32835712 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1

Allocates read-write-execute memory (usually to unpack itself) (30 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 24, 2021, 5:57 p.m.	process_identifier: 6988 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7217e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 6988 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72168000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 6988 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00300000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 6988 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00310000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 6988 region_size: 589824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2021, 5:57 p.m.	process_identifier: 5656 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7217e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 5656 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72168000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 5656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00310000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 5656 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00320000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 5656 region_size: 589824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00420000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2021, 5:57 p.m.	process_identifier: 8948 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7217e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 8948 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72168000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 8948 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00470000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 8948 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00480000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 8948 region_size: 589824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00810000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2021, 5:57 p.m.	process_identifier: 6200 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7217e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 6200 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72168000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 6200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 6200 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 6200 region_size: 589824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2021, 5:57 p.m.	process_identifier: 668 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7217e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 668 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72168000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 668 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00330000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 668 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00340000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 668 region_size: 589824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00410000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2021, 5:57 p.m.	process_identifier: 1608 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7217e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 1608 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72168000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 1608 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00300000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 1608 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00320000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 24, 2021, 5:58 p.m.	process_identifier: 1608 region_size: 589824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00330000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

File has been identified by 40 AntiVirus engines on VirusTotal as malicious (40 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.46138179
FireEye	Trojan.GenericKD.46138179
ALYac	Trojan.GenericKD.46138179
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.3072984
AegisLab	Trojan.Win32.Generic.4!c
Sangfor	Trojan.Script.Phonzy.B
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 0057b2861 )
K7AntiVirus	Trojan ( 0057b2861 )
Cyren	W32/Dridex.DA.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/Kryptik.HKMI
Kaspersky	HEUR:Trojan-Banker.Win32.Cridex.gen
BitDefender	Trojan.GenericKD.46138179
Avast	Win32:MalwareX-gen [Trj]
Rising	Trojan.Kryptik!8.8 (CLOUD)
Ad-Aware	Trojan.GenericKD.46138179
Emsisoft	Trojan.Crypt (A)
Comodo	Malware@#3izhvcjyk0hpf
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	Trojan-FTJT!BCDB8892ADE3
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Crypt
Avira	TR/AD.Dridex.bdmvv
Kingsoft	Win32.Troj.Banker.(kcloud)
Gridinsoft	Trojan.Win32.Kryptik.oa
Microsoft	Trojan:Script/Phonzy.B!ml
ZoneAlarm	HEUR:Trojan-Banker.Win32.Cridex.gen
GData	Trojan.GenericKD.46138179
AhnLab-V3	Trojan/Win.DRIDEX.C4433021
McAfee	Trojan-FTJT!BCDB8892ADE3
MAX	malware (ai score=81)
Malwarebytes	Trojan.Dridex
TrendMicro-HouseCall	TrojanSpy.Win32.DRIDEX.TIAOABDQ
Fortinet	W32/Kryptik.HKMI!tr
Webroot	W32.Malware.Gen
AVG	Win32:MalwareX-gen [Trj]
Panda	Trj/GdSda.A

ze6p62.zip

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All