Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 14, 2021, 9:33 a.m.	Oct. 14, 2021, 9:36 a.m.

Size	608.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`c3ccab71c3e1166b2536c7c7d6035373`
SHA256	`30d40d6a60e1221d27a8c3616bd7ad63059effe100d3325d42258d106d77a0a5`
CRC32	`EAD0DA9D`
ssdeep	`12288:HZGQdqOGFdJqydLqQSeCqsVK8kPRGO35N9mVNzXc6:HZ0TWjeCVVK8kP9N9oR`
PDB Path	c:\Cause\417\Organ\Out vi\grand.pdb
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsDLL - (no description) Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\pa2ipn2m.jpg.dll,DictionaryProcess
1660
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\pa2ipn2m.jpg.dll,Horsefraction
2860
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\pa2ipn2m.jpg.dll,Pitch
2532
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\pa2ipn2m.jpg.dll,
2760

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

c:\Cause\417\Organ\Out vi\grand.pdb

One or more processes crashed (50 out of 105 events)

Time & API	Arguments	Status
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684228 registers.edi: 5515128 registers.eax: 2008080422 registers.ebp: 2008154697 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1990393856 registers.ecx: 66040	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 16 registers.eax: 2008080422 registers.ebp: 37291984 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 15 registers.eax: 2008080422 registers.ebp: 37292000 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 14 registers.eax: 2008080422 registers.ebp: 37292016 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 13 registers.eax: 2008080422 registers.ebp: 37292032 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 12 registers.eax: 2008080422 registers.ebp: 37292048 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 11 registers.eax: 2008080422 registers.ebp: 37292064 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 10 registers.eax: 2008080422 registers.ebp: 37292080 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 9 registers.eax: 2008080422 registers.ebp: 37292096 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 8 registers.eax: 2008080422 registers.ebp: 37292112 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 7 registers.eax: 2008080422 registers.ebp: 37292128 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 37292144 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 5 registers.eax: 2008080422 registers.ebp: 37292160 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 4 registers.eax: 2008080422 registers.ebp: 37292176 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 3 registers.eax: 2008080422 registers.ebp: 37292192 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 2 registers.eax: 2008080422 registers.ebp: 37292208 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684204 registers.edi: 1 registers.eax: 2008080422 registers.ebp: 37292224 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: DllRegisterServer+0xcbc7 pa2ipn2m+0x16937 @ 0x2176937 exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2683400 registers.edi: 12 registers.eax: 2008080422 registers.ebp: 2684472 registers.edx: 23 registers.ebx: 2684488 registers.esi: 23 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684456 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 96784 registers.edx: 827898 registers.ebx: 0 registers.esi: 282 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 16 registers.edx: 0 registers.ebx: 64 registers.esi: 37295464 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 15 registers.edx: 0 registers.ebx: 64 registers.esi: 37295488 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 14 registers.edx: 0 registers.ebx: 64 registers.esi: 37295512 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 13 registers.edx: 0 registers.ebx: 64 registers.esi: 37295536 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 12 registers.edx: 0 registers.ebx: 64 registers.esi: 37295560 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 11 registers.edx: 0 registers.ebx: 64 registers.esi: 37295584 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 10 registers.edx: 0 registers.ebx: 64 registers.esi: 37295608 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 9 registers.edx: 0 registers.ebx: 64 registers.esi: 37295632 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 8 registers.edx: 0 registers.ebx: 64 registers.esi: 37295656 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 7 registers.edx: 0 registers.ebx: 64 registers.esi: 37295680 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 6 registers.edx: 0 registers.ebx: 64 registers.esi: 37295704 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 5 registers.edx: 0 registers.ebx: 64 registers.esi: 37295728 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 4 registers.edx: 0 registers.ebx: 64 registers.esi: 37295752 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 3 registers.edx: 0 registers.ebx: 64 registers.esi: 37295776 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 2 registers.edx: 0 registers.ebx: 64 registers.esi: 37295800 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0x217105c registers.esp: 2684432 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 1 registers.edx: 0 registers.ebx: 64 registers.esi: 37295824 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356400 registers.edi: 7022440 registers.eax: 2008080422 registers.ebp: 2008154697 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1990393856 registers.ecx: 66040	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 16 registers.eax: 2008080422 registers.ebp: 34998224 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 15 registers.eax: 2008080422 registers.ebp: 34998240 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 14 registers.eax: 2008080422 registers.ebp: 34998256 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 13 registers.eax: 2008080422 registers.ebp: 34998272 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 12 registers.eax: 2008080422 registers.ebp: 34998288 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 11 registers.eax: 2008080422 registers.ebp: 34998304 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 10 registers.eax: 2008080422 registers.ebp: 34998320 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 9 registers.eax: 2008080422 registers.ebp: 34998336 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 8 registers.eax: 2008080422 registers.ebp: 34998352 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 7 registers.eax: 2008080422 registers.ebp: 34998368 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 34998384 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 5 registers.eax: 2008080422 registers.ebp: 34998400 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 4 registers.eax: 2008080422 registers.ebp: 34998416 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:33 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec pa2ipn2m+0x1105c exception.address: 0xa5105c registers.esp: 2356376 registers.edi: 3 registers.eax: 2008080422 registers.ebp: 34998432 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1

Allocates read-write-execute memory (usually to unpack itself) (18 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 1660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0218d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 1660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fe1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 1660 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x021f4000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 1660 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 1660 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00350000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 1660 region_size: 614400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00930000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a6d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fe1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad4000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2860 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00380000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2860 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00390000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2860 region_size: 614400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b80000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003cd000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fe1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00434000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00510000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00520000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2532 region_size: 614400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

File has been identified by 6 AntiVirus engines on VirusTotal as malicious (6 events)

Elastic	malicious (high confidence)
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_100% (W)
APEX	Malicious
Sophos	ML/PE-A
SentinelOne	Static AI - Suspicious PE

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 14, 2021, 9:33 a.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 212992 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x003a1000 process_handle: 0xffffffff	1	0	0

pa2ipn2m.jpg

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All