Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Aug. 11, 2021, 5:42 p.m.	Aug. 11, 2021, 5:52 p.m.

Size	5.3MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`cba619ceefd476c9cc3f35b5263e6276`
SHA256	`69e7a10168bf96ba60f06987affd48857cd9cda1a518509f435b8b43110feacf`
CRC32	`62D2A3A0`
ssdeep	`98304:DJIhjzhUmi32EM/H6ygOsEL2QwHFHB2ajjMtW2U2M:DJI5hOG/3gOSjHrjjjMtMz`
Yara	UPX_Zero - UPX packed file IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check Generic_Malware_Zero - Generic Malware PE_Header_Zero - PE File Signature themida_packer - themida packer

mine.exe "C:\Users\test22\AppData\Local\Temp\mine.exe"
2528

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section
section	.themida

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefde3a49d mine+0x4fe847 @ 0x13fbfe847 mine+0x526c10 @ 0x13fc26c10 HeapWalk-0x1ce0 kernel32+0x0 @ 0x77200000 0x4bff28 0x4bff28 0x4bff28 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefde3a49d registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1
__exception__ Aug. 11, 2021, 5:35 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 4978720 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 4980528 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 4980552 registers.rdi: 5360164864 registers.rax: 2011179947 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 3283 events)

Time & API	Arguments	Status	Return
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 1703936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002110000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1	0
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002230000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000010000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000011000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000012000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000013000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000014000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000015000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000016000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000017000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000018000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000019000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000001f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000020000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000021000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000022000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000023000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000024000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000025000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000026000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000027000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000028000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000029000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000002f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000030000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000031000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000032000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000033000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000034000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000035000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000036000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000037000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000038000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000039000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003a000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003b000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003c000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003d000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003e000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000003f000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff		-1073741800

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00052c00', u'virtual_address': u'0x00002000', u'entropy': 7.9816969995325096, u'name': u' ', u'virtual_size': u'0x0009e000'}

entropy

7.98169699953

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00004600', u'virtual_address': u'0x000a0000', u'entropy': 7.9344598012558825, u'name': u' ', u'virtual_size': u'0x0001aca6'}

entropy

7.93445980126

description

A section with a high entropy has been found

DEP was bypassed by marking part of the stack executable by the process mine.exe (8 events)

Time & API	Arguments	Return
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004bc000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004bd000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004be000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004bf000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004bc000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004bd000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004be000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800
NtAllocateVirtualMemory Aug. 11, 2021, 5:35 p.m.	process_identifier: 2528 region_size: 4096 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004bf000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	-1073741800

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Aug. 11, 2021, 5:35 p.m.	tid: 1052 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 34 AntiVirus engines on VirusTotal as malicious (34 events)

Lionic	Hacktool.Win32.BypassUAC.3!c
MicroWorld-eScan	Trojan.GenericKD.37374003
FireEye	Trojan.GenericKD.37374003
ALYac	Trojan.GenericKD.37374003
Cylance	Unsafe
Sangfor	Riskware.Win32.Agent.ky
K7AntiVirus	Trojan ( 00580b291 )
K7GW	Trojan ( 00580b291 )
Cybereason	malicious.d0904b
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win32/GenCBL.ARO
Paloalto	generic.ml
Kaspersky	Exploit.Win32.BypassUAC.abxx
BitDefender	Trojan.GenericKD.37374003
Avast	Win64:DangerousSig [Trj]
Ad-Aware	Trojan.GenericKD.37374003
Emsisoft	Trojan.GenericKD.37374003 (B)
Comodo	TrojWare.Win32.UMal.kaelz@0
DrWeb	Trojan.MulDrop18.21586
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Generic
MaxSecure	Trojan.Malware.300983.susgen
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft	Trojan.Win64.Downloader.oa
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Trojan.GenericKD.37374003
AhnLab-V3	Trojan/Win.Kryptik.R436355
McAfee	Artemis!CBA619CEEFD4
MAX	malware (ai score=88)
Fortinet	Malicious_Behavior.SB
Webroot	W32.Trojan.Gen
AVG	Win64:DangerousSig [Trj]
CrowdStrike	win/malicious_confidence_80% (W)

mine.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All