Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 14, 2021, 9:35 a.m.	Oct. 14, 2021, 9:58 a.m.

Size	608.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`1b9e338e3d92bda52862a729c6dbb9c6`
SHA256	`f2b60c13254070f3bcab11342564929fdba9670bf97d26ef0a64362c0099c73d`
CRC32	`2B0E8201`
ssdeep	`12288:zZGQdqOGJoJqydLqQSeCqsVK8kPRGO35N9mV4zXc6:zZ0SWjeCVVK8kP9N9oE`
PDB Path	c:\Cause\417\Organ\Out vi\grand.pdb
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsDLL - (no description) Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\e64v7wm.jpg.dll,DictionaryProcess
2132
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\e64v7wm.jpg.dll,Horsefraction
1080
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\e64v7wm.jpg.dll,Pitch
2308
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\e64v7wm.jpg.dll,
2212

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

c:\Cause\417\Organ\Out vi\grand.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 14, 2021, 9:36 a.m.		1	1	0

One or more processes crashed (50 out of 247 events)

Time & API	Arguments	Status
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879516 registers.edi: 5908336 registers.eax: 2008080422 registers.ebp: 2008154697 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1990393856 registers.ecx: 66040	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 16 registers.eax: 2008080422 registers.ebp: 38930384 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 15 registers.eax: 2008080422 registers.ebp: 38930400 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 14 registers.eax: 2008080422 registers.ebp: 38930416 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 13 registers.eax: 2008080422 registers.ebp: 38930432 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 12 registers.eax: 2008080422 registers.ebp: 38930448 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 11 registers.eax: 2008080422 registers.ebp: 38930464 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 10 registers.eax: 2008080422 registers.ebp: 38930480 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 9 registers.eax: 2008080422 registers.ebp: 38930496 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 8 registers.eax: 2008080422 registers.ebp: 38930512 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 7 registers.eax: 2008080422 registers.ebp: 38930528 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 38930544 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 5 registers.eax: 2008080422 registers.ebp: 38930560 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 4 registers.eax: 2008080422 registers.ebp: 38930576 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 3 registers.eax: 2008080422 registers.ebp: 38930592 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 2 registers.eax: 2008080422 registers.ebp: 38930608 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879492 registers.edi: 1 registers.eax: 2008080422 registers.ebp: 38930624 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: DllRegisterServer+0xcbc7 e64v7wm+0x16937 @ 0x9a6937 exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2878696 registers.edi: 12 registers.eax: 2008080422 registers.ebp: 2879760 registers.edx: 23 registers.ebx: 2879776 registers.esi: 23 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879744 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 96784 registers.edx: 827898 registers.ebx: 0 registers.esi: 282 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 16 registers.edx: 0 registers.ebx: 64 registers.esi: 38933864 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 15 registers.edx: 0 registers.ebx: 64 registers.esi: 38933888 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 14 registers.edx: 0 registers.ebx: 64 registers.esi: 38933912 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 13 registers.edx: 0 registers.ebx: 64 registers.esi: 38933936 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 12 registers.edx: 0 registers.ebx: 64 registers.esi: 38933960 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 11 registers.edx: 0 registers.ebx: 64 registers.esi: 38933984 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 10 registers.edx: 0 registers.ebx: 64 registers.esi: 38934008 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 9 registers.edx: 0 registers.ebx: 64 registers.esi: 38934032 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 8 registers.edx: 0 registers.ebx: 64 registers.esi: 38934056 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 7 registers.edx: 0 registers.ebx: 64 registers.esi: 38934080 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 6 registers.edx: 0 registers.ebx: 64 registers.esi: 38934104 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 5 registers.edx: 0 registers.ebx: 64 registers.esi: 38934128 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 4 registers.edx: 0 registers.ebx: 64 registers.esi: 38934152 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 3 registers.edx: 0 registers.ebx: 64 registers.esi: 38934176 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 2 registers.edx: 0 registers.ebx: 64 registers.esi: 38934200 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x9a105c registers.esp: 2879720 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 1 registers.edx: 0 registers.ebx: 64 registers.esi: 38934224 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651976 registers.edi: 4073320 registers.eax: 2008080422 registers.ebp: 2008154697 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1990393856 registers.ecx: 66040	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 16 registers.eax: 2008080422 registers.ebp: 8718288 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 15 registers.eax: 2008080422 registers.ebp: 8718304 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 14 registers.eax: 2008080422 registers.ebp: 8718320 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 13 registers.eax: 2008080422 registers.ebp: 8718336 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 12 registers.eax: 2008080422 registers.ebp: 8718352 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 11 registers.eax: 2008080422 registers.ebp: 8718368 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 10 registers.eax: 2008080422 registers.ebp: 8718384 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 9 registers.eax: 2008080422 registers.ebp: 8718400 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 8 registers.eax: 2008080422 registers.ebp: 8718416 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 7 registers.eax: 2008080422 registers.ebp: 8718432 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 8718448 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 5 registers.eax: 2008080422 registers.ebp: 8718464 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 4 registers.eax: 2008080422 registers.ebp: 8718480 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 9:36 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec e64v7wm+0x1105c exception.address: 0x1d9105c registers.esp: 651952 registers.edi: 3 registers.eax: 2008080422 registers.ebp: 8718496 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1

Allocates read-write-execute memory (usually to unpack itself) (20 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 14, 2021, 9:35 a.m.	process_identifier: 2132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009bd000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:35 a.m.	process_identifier: 2132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fe1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 2132 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a24000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 2132 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00380000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 2132 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 2132 region_size: 614400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ad0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:35 a.m.	process_identifier: 1080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01dad000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:35 a.m.	process_identifier: 1080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fe1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 1080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e14000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 1080 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00390000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 1080 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00810000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 1080 region_size: 614400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00820000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:35 a.m.	process_identifier: 2308 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01ddd000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:35 a.m.	process_identifier: 2308 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fe1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 2308 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e44000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 2308 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 2308 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00800000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 2308 region_size: 614400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00810000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 2308 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 9:36 a.m.	process_identifier: 2308 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e53000 process_handle: 0xffffffff	1

e64v7wm.jpg

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All