Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 11, 2021, 10:17 a.m.	Oct. 11, 2021, 10:19 a.m.

Size	6.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4db7eb28029846ea78925a192dd837ae`
SHA256	`3b44d2ea5d9c58321bd71a37c657d2b9d9f559db6d2b768d0b265b2c1a22070c`
CRC32	`CB0E3983`
ssdeep	`98304:gZv7yvip4uvN6rsx86wx40k7l9nrEk0OtIksy7KyncYAm1HW2ggnz+r+bWLxHi6l:g0usrXD4dR9Ak0OakzFAm1HdnyVYq5`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library

lv.exe "C:\Users\test22\AppData\Local\Temp\lv.exe"
2236
- enrichvp.exe "C:\Users\test22\AppData\Local\Temp\chleuh\enrichvp.exe"
  1628
- infern.exe "C:\Users\test22\AppData\Local\Temp\chleuh\infern.exe"
  1080

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 11, 2021, 10:17 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65539 events)

Time & API	Arguments	Status
__exception__ Oct. 11, 2021, 10:17 a.m.	stacktrace: enrichvp+0x3a520d @ 0x14d520d enrichvp+0x369e58 @ 0x1499e58 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 46887 exception.address: 0x7566b727 registers.esp: 2882864 registers.edi: 18190336 registers.eax: 2882864 registers.ebp: 2882944 registers.edx: 2130566132 registers.ebx: 1968701414 registers.esi: 2008380459 registers.ecx: 4014014464	1
__exception__ Oct. 11, 2021, 10:17 a.m.	stacktrace: exception.instruction_r: ed e9 e8 ff ff ff e2 a0 1e 45 75 00 71 00 c0 c6 exception.symbol: enrichvp+0x3d563b exception.instruction: in eax, dx exception.module: enrichvp.exe exception.exception_code: 0xc0000096 exception.offset: 4019771 exception.address: 0x150563b registers.esp: 2882984 registers.edi: 4730512 registers.eax: 1750617430 registers.ebp: 18190336 registers.edx: 22614 registers.ebx: 18022400 registers.esi: 20217706 registers.ecx: 20	1
__exception__ Oct. 11, 2021, 10:17 a.m.	stacktrace: exception.instruction_r: ed e9 4a 03 03 00 c3 e9 62 0b fd ff d1 05 6d 48 exception.symbol: enrichvp+0x39a1c4 exception.instruction: in eax, dx exception.module: enrichvp.exe exception.exception_code: 0xc0000096 exception.offset: 3776964 exception.address: 0x14ca1c4 registers.esp: 2882984 registers.edi: 4730512 registers.eax: 1447909480 registers.ebp: 18190336 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 20217706 registers.ecx: 10	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefde3a49d infern+0x33ef67 @ 0x13f58ef67 infern+0x4fd0af @ 0x13f74d0af HeapWalk-0x1ce0 kernel32+0x0 @ 0x77200000 0x1ffab8 0x1ffab8 0x1ffab8 0x2725e2 0x243136 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa 0x267be0779514aa exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefde3a49d registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095824 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2095832 registers.rdi: 5354553344 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: RtlRestoreContext+0x293 __chkstk-0x1fe ntdll+0x50bd2 @ 0x77950bd2 exception.instruction_r: 48 cf 48 83 ec 30 4c 8b c4 48 81 ec d0 04 00 00 exception.symbol: RtlRestoreContext+0x293 __chkstk-0x1fe ntdll+0x50bd2 exception.instruction: iretq exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 330706 exception.address: 0x77950bd2 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1
__exception__ Oct. 11, 2021, 10:10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 2094000 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357633579 registers.rsp: 2095912 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2006107425 registers.rdi: 0 registers.rax: 2008294871 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (13 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 2236 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 2236 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76ec1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 2236 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 2236 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 2236 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e91000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 2236 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732b1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 2236 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e92000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77b7f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77af0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01150000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0114a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0114a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2021, 10:17 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0114a000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (6 events)

file	C:\Users\test22\AppData\Local\Temp\nso7CDB.tmp\UAC.dll
file	C:\Program Files (x86)\foler\olader\acppage.dll
file	C:\Program Files (x86)\foler\olader\acledit.dll
file	C:\Users\test22\AppData\Local\Temp\chleuh\enrichvp.exe
file	C:\Program Files (x86)\foler\olader\adprovider.dll
file	C:\Users\test22\AppData\Local\Temp\chleuh\infern.exe

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\nso7CDB.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\chleuh\enrichvp.exe

Expresses interest in specific running processes (1 event)

process

system

Attempts to identify installed AV products by installation directory (2 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\AVG

Checks for the presence of known windows from debuggers and forensic tools (12 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: File Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: Process Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: Registry Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 11, 2021, 10:17 a.m.	class_name: 18467-41 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Oct. 11, 2021, 10:10 a.m.	tid: 2880 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Oct. 11, 2021, 10:17 a.m.	information_class: 76 (SystemFirmwareTableInformation)		3221225507	0

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 11, 2021, 10:17 a.m.	stacktrace: exception.instruction_r: ed e9 4a 03 03 00 c3 e9 62 0b fd ff d1 05 6d 48 exception.symbol: enrichvp+0x39a1c4 exception.instruction: in eax, dx exception.module: enrichvp.exe exception.exception_code: 0xc0000096 exception.offset: 3776964 exception.address: 0x14ca1c4 registers.esp: 2882984 registers.edi: 4730512 registers.eax: 1447909480 registers.ebp: 18190336 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 20217706 registers.ecx: 10	1	0	0

File has been identified by 35 AntiVirus engines on VirusTotal as malicious (35 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur.D.IMW@dusDNDdi
FireEye	Generic.mg.4db7eb28029846ea
CAT-QuickHeal	Trojan.GenericRI.S22849637
ALYac	Gen:Variant.Razy.920754
Zillya	Dropper.Scrop.Win32.1356
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0056e5201 )
K7GW	Trojan ( 0056e5201 )
Cybereason	malicious.802984
BitDefenderTheta	AI:Packer.E53E59221E
Cyren	W32/Kryptik.FHH.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Packed.Filerepmalware-9864117-0
Kaspersky	HEUR:Trojan.Win32.SelfDel.pef
BitDefender	Gen:Trojan.Heur.D.IMW@dusDNDdi
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Avast	NSIS:CrypterX-gen [Trj]
VIPRE	Trojan.Win32.Generic.pak!cobra
McAfee-GW-Edition	BehavesLike.Win32.OneSysCare.tc
Emsisoft	Gen:Trojan.Heur.D.IMW@dusDNDdi (B)
eGambit	Unsafe.AI_Score_99%
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Win32.Trojan.BSE.HLJWVB
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win32.Generic.C4225009
MAX	malware (ai score=88)
VBA32	BScope.TrojanBanker.Ponteiro
Malwarebytes	Malware.AI.753280343
Rising	Trojan.Generic@ML.100 (RDML:2beTezeH1xaiqFoY/mXHXQ)
SentinelOne	Static AI - Suspicious PE
AVG	NSIS:CrypterX-gen [Trj]

lv.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All