Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 29, 2021, 5:57 p.m.	June 29, 2021, 5:59 p.m.

Size	125.2KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`09a781424dc28340d0112c5e4f77ac3e`
SHA256	`053ba5ebdf692c17beed17aec6e7ca7d183ab55b5264170fd11a7f7850828289`
CRC32	`F306D002`
ssdeep	`3072:iBkfJpRXATwMdFCcGbV07weSVIixs7HFWEODytnwpB0FyN:iqjIKVYwmLBW+q30Fo`
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature

vbc.exe "C:\Users\test22\AppData\Local\Temp\vbc.exe"
7180

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 29, 2021, 5:57 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 7180 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x745e4000 process_handle: 0xffffffff	1	0	0

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\diejc.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\diejc.dll

Potentially malicious URLs were found in the process memory dump (2 events)

url	http://nsis.sf.net/NSIS_Error
url	http://www.ibsensoftware.com/

Yara rule detected in process memory (12 events)

description	Communications use DNS	rule	Network_DNS
description	Escalate priviledges	rule	Escalate_priviledges
description	Win32 PWS Loki	rule	Win32_PWS_Loki_Zero
description	Take ScreenShot	rule	ScreenShot
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

Allocates execute permission to another process indicative of possible code injection (50 events)

Time & API	Arguments	Status	Return
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00402000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00403000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00404000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00406000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00407000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00408000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00409000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00410000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00411000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00412000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00413000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00414000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00415000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00416000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00417000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00418000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00419000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00420000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00421000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00422000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00423000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00424000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00425000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00426000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00427000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00428000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00429000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00430000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	1	0

Manipulates memory of a non-child process indicative of process injection (50 out of 51 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 7180 manipulating memory of non-child process 1520
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00402000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00403000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00404000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00406000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00407000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00408000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00409000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00410000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00411000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00412000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00413000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00414000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00415000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00416000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00417000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00418000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00419000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00420000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00421000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00422000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00423000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00424000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00425000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00426000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00427000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00428000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00429000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4	3221225496	0

Potential code injection by writing to the memory of another process (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 7180 injected into non-child 1520
WriteProcessMemory June 29, 2021, 5:57 p.m.	buffer: MZÿÿ¸@ðº´ Í!¸LÍ!This program cannot be run in DOS mode. $ÌÍxþ¬¬¬Ô¬K£K¬ ¬=2ó¬¬¬Ô¬¬Ç¬Ô¬=2÷ó¬=2È¬Rich¬PELlWà8¢Þ9P@ ÐdP\.textõ68 `.rdata`@PB<@@.data$^ ~@À.x À base_address: 0x00430000 process_identifier: 1520 process_handle: 0x000001e4	1	1	0
WriteProcessMemory June 29, 2021, 5:57 p.m.	buffer: TÍ<¨K¢`Ý;U base_address: 0x0044a000 process_identifier: 1520 process_handle: 0x000001e4	1	1	0
WriteProcessMemory June 29, 2021, 5:57 p.m.	buffer: C base_address: 0x7efde008 process_identifier: 1520 process_handle: 0x000001e4	1	1	0

Code injection by writing an executable or DLL to the memory of another process (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 7180 injected into non-child 1520
WriteProcessMemory June 29, 2021, 5:57 p.m.	buffer: MZÿÿ¸@ðº´ Í!¸LÍ!This program cannot be run in DOS mode. $ÌÍxþ¬¬¬Ô¬K£K¬ ¬=2ó¬¬¬Ô¬¬Ç¬Ô¬=2÷ó¬=2È¬Rich¬PELlWà8¢Þ9P@ ÐdP\.textõ68 `.rdata`@PB<@@.data$^ ~@À.x À base_address: 0x00430000 process_identifier: 1520 process_handle: 0x000001e4	1	1	0

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 7180 called NtSetContextThread to modify thread in remote process 1520
NtSetContextThread June 29, 2021, 5:57 p.m.	registers.eip: 2000355780 registers.esp: 1638384 registers.edi: 0 registers.eax: 4471262 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000001dc process_identifier: 1520	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 7180 resumed a thread in remote process 1520
NtResumeThread June 29, 2021, 5:57 p.m.	thread_handle: 0x000001dc suspend_count: 1 process_identifier: 1520	1	0	0

Executed a process and injected code into it, probably while unpacking (50 out of 60 events)

Time & API	Arguments	Status	Return
CreateProcessInternalW June 29, 2021, 5:57 p.m.	thread_identifier: 8052 thread_handle: 0x000001dc process_identifier: 1520 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\vbc.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\vbc.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\vbc.exe stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000001e4	1	1
NtGetContextThread June 29, 2021, 5:57 p.m.	thread_handle: 0x000001dc	1	0
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00402000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00403000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00404000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00405000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00406000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00407000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00408000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00409000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00410000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00411000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00412000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00413000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00414000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00415000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00416000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00417000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00418000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00419000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00420000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00421000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00422000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00423000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00424000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00425000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00426000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00427000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00428000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00429000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496
NtAllocateVirtualMemory June 29, 2021, 5:57 p.m.	process_identifier: 1520 region_size: 663552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001e4		3221225496

File has been identified by 31 AntiVirus engines on VirusTotal as malicious (31 events)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Zum.Androm.1
McAfee	Artemis!09A781424DC2
Cylance	Unsafe
Sangfor	Trojan.Win32.Gorgon.gen
K7GW	Riskware ( 0040eff71 )
CrowdStrike	win/malicious_confidence_90% (W)
Arcabit	Zum.Androm.1
Cyren	W32/Injector.AIP.gen!Eldorado
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Zum.Androm.1
APEX	Malicious
Sophos	ML/PE-A
McAfee-GW-Edition	BehavesLike.Win32.Vopak.cc
FireEye	Generic.mg.09a781424dc28340
Emsisoft	Zum.Androm.1 (B)
Ikarus	Trojan.NSIS.Agent
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Trojan:Win32/Wacatac.B!ml
AegisLab	Trojan.MSIL.Agent.i!c
GData	Zum.Androm.1
Cynet	Malicious (score: 100)
MAX	malware (ai score=88)
Avast	FileRepMetagen [Malware]
Yandex	Trojan.Slntscn24.bVVB1s
SentinelOne	Static AI - Malicious PE
Fortinet	W32/Kryptik.1!tr
AVG	FileRepMetagen [Malware]
Cybereason	malicious.24dc28

vbc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All