Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 14, 2021, 9:31 a.m.	Oct. 14, 2021, 9:39 a.m.

Size	608.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`ac8eb6360389ab8c55a60981aab9b3a6`
SHA256	`eeec0d9f9c56d990ad2f537b919d23117cf9610b2babcc88c2ace6e4387a206c`
CRC32	`901415F7`
ssdeep	`12288:5ZGQdqOGoCJqydLqQSeCqsVK8kPRGO35N9mVSzXc6:5Z0jWjeCVVK8kP9N9oW`
PDB Path	c:\Cause\417\Organ\Out vi\grand.pdb
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsDLL - (no description) Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\twh2xzxtd.jpg.dll,DictionaryProcess
2228
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\twh2xzxtd.jpg.dll,Horsefraction
2876
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\twh2xzxtd.jpg.dll,Pitch
1048
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\twh2xzxtd.jpg.dll,
2540

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

c:\Cause\417\Organ\Out vi\grand.pdb

One or more processes crashed (50 out of 105 events)

Time & API	Arguments	Status
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617736 registers.edi: 3353480 registers.eax: 2000478246 registers.ebp: 2000552521 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1970405376 registers.ecx: 66040	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 16 registers.eax: 2000478246 registers.ebp: 8390608 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 15 registers.eax: 2000478246 registers.ebp: 8390624 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 14 registers.eax: 2000478246 registers.ebp: 8390640 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 13 registers.eax: 2000478246 registers.ebp: 8390656 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 12 registers.eax: 2000478246 registers.ebp: 8390672 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 11 registers.eax: 2000478246 registers.ebp: 8390688 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 10 registers.eax: 2000478246 registers.ebp: 8390704 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 9 registers.eax: 2000478246 registers.ebp: 8390720 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 8 registers.eax: 2000478246 registers.ebp: 8390736 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 7 registers.eax: 2000478246 registers.ebp: 8390752 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 8390768 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 5 registers.eax: 2000478246 registers.ebp: 8390784 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 4 registers.eax: 2000478246 registers.ebp: 8390800 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 3 registers.eax: 2000478246 registers.ebp: 8390816 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 2 registers.eax: 2000478246 registers.ebp: 8390832 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617712 registers.edi: 1 registers.eax: 2000478246 registers.ebp: 8390848 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: DllRegisterServer+0xcbc7 twh2xzxtd+0x16937 @ 0x8f6937 exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2616904 registers.edi: 12 registers.eax: 2000478246 registers.ebp: 2617980 registers.edx: 23 registers.ebx: 2617996 registers.esi: 23 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617964 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 96784 registers.edx: 827898 registers.ebx: 0 registers.esi: 282 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 16 registers.edx: 0 registers.ebx: 64 registers.esi: 8394088 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 15 registers.edx: 0 registers.ebx: 64 registers.esi: 8394112 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 14 registers.edx: 0 registers.ebx: 64 registers.esi: 8394136 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 13 registers.edx: 0 registers.ebx: 64 registers.esi: 8394160 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 12 registers.edx: 0 registers.ebx: 64 registers.esi: 8394184 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 11 registers.edx: 0 registers.ebx: 64 registers.esi: 8394208 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 10 registers.edx: 0 registers.ebx: 64 registers.esi: 8394232 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 9 registers.edx: 0 registers.ebx: 64 registers.esi: 8394256 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 8 registers.edx: 0 registers.ebx: 64 registers.esi: 8394280 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 7 registers.edx: 0 registers.ebx: 64 registers.esi: 8394304 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 6 registers.edx: 0 registers.ebx: 64 registers.esi: 8394328 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 5 registers.edx: 0 registers.ebx: 64 registers.esi: 8394352 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 4 registers.edx: 0 registers.ebx: 64 registers.esi: 8394376 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 3 registers.edx: 0 registers.ebx: 64 registers.esi: 8394400 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 2 registers.edx: 0 registers.ebx: 64 registers.esi: 8394424 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x8f105c registers.esp: 2617940 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 1 registers.edx: 0 registers.ebx: 64 registers.esi: 8394448 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961804 registers.edi: 2829176 registers.eax: 2000478246 registers.ebp: 2000552521 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1970405376 registers.ecx: 66040	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 16 registers.eax: 2000478246 registers.ebp: 8456144 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 15 registers.eax: 2000478246 registers.ebp: 8456160 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 14 registers.eax: 2000478246 registers.ebp: 8456176 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 13 registers.eax: 2000478246 registers.ebp: 8456192 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 12 registers.eax: 2000478246 registers.ebp: 8456208 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 11 registers.eax: 2000478246 registers.ebp: 8456224 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 10 registers.eax: 2000478246 registers.ebp: 8456240 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 9 registers.eax: 2000478246 registers.ebp: 8456256 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 8 registers.eax: 2000478246 registers.ebp: 8456272 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 7 registers.eax: 2000478246 registers.ebp: 8456288 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 6 registers.eax: 2000478246 registers.ebp: 8456304 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 5 registers.eax: 2000478246 registers.ebp: 8456320 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 4 registers.eax: 2000478246 registers.ebp: 8456336 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:31 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec twh2xzxtd+0x1105c exception.address: 0x89105c registers.esp: 1961780 registers.edi: 3 registers.eax: 2000478246 registers.ebp: 8456352 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1

Allocates read-write-execute memory (usually to unpack itself) (18 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 2228 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0090d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 2228 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73dd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 2228 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00974000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 2228 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 2228 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 2228 region_size: 614400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02050000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008ad000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73dd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00914000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 2876 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 2876 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00800000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 2876 region_size: 614400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 1048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007fd000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 1048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73dd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 1048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00864000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 1048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00970000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 1048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a90000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:31 a.m.	process_identifier: 1048 region_size: 614400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f10000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

File has been identified by 6 AntiVirus engines on VirusTotal as malicious (6 events)

Elastic	malicious (high confidence)
Cylance	Unsafe
APEX	Malicious
Sophos	ML/PE-A
SentinelOne	Static AI - Suspicious PE
Microsoft	Trojan:Win32/Gozi.GA!MTB

twh2xzxtd.jpg

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All