Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 14, 2021, 3:34 p.m.	Oct. 14, 2021, 3:44 p.m.

Size	604.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`24ceaa006c0dce2aedb1e4af1d0ae187`
SHA256	`04383e92078b7bba5951c99dc00908e38ec8c544aedf9c30743ae2a8516621f9`
CRC32	`8AA21305`
ssdeep	`12288:ZuIB8rwMtjp4CqwqyaXPLAfx38TW9DiWUT2tq017JGoLbuW/:0Nb4wqyaDA5sTWiXT2tq07G2T/`
PDB Path	c:\299_Flow\him\bell_opposite\order\Most.pdb
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsDLL - (no description) Malicious_Library_Zero - Malicious_Library Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\m2pb6t7.jpg.dll,Growother
1040
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\m2pb6t7.jpg.dll,Minute
1612
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\m2pb6t7.jpg.dll,WordForce
808
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\m2pb6t7.jpg.dll,
2408

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

c:\299_Flow\him\bell_opposite\order\Most.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 14, 2021, 3:34 p.m.		1	1	0

One or more processes crashed (50 out of 390 events)

Time & API	Arguments	Status
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093656 registers.edi: 2697048 registers.eax: 2008080422 registers.ebp: 2008154697 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1990393856 registers.ecx: 66040	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 16 registers.eax: 2008080422 registers.ebp: 35063760 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 15 registers.eax: 2008080422 registers.ebp: 35063776 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 14 registers.eax: 2008080422 registers.ebp: 35063792 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 13 registers.eax: 2008080422 registers.ebp: 35063808 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 12 registers.eax: 2008080422 registers.ebp: 35063824 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 11 registers.eax: 2008080422 registers.ebp: 35063840 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 10 registers.eax: 2008080422 registers.ebp: 35063856 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 9 registers.eax: 2008080422 registers.ebp: 35063872 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 8 registers.eax: 2008080422 registers.ebp: 35063888 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 7 registers.eax: 2008080422 registers.ebp: 35063904 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 35063920 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 5 registers.eax: 2008080422 registers.ebp: 35063936 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 4 registers.eax: 2008080422 registers.ebp: 35063952 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 3 registers.eax: 2008080422 registers.ebp: 35063968 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 2 registers.eax: 2008080422 registers.ebp: 35063984 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093632 registers.edi: 1 registers.eax: 2008080422 registers.ebp: 35064000 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: DllRegisterServer+0xcbc7 m2pb6t7+0x16937 @ 0x876937 exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2092824 registers.edi: 12 registers.eax: 2008080422 registers.ebp: 2093900 registers.edx: 23 registers.ebx: 2093916 registers.esi: 23 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093884 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 96784 registers.edx: 827898 registers.ebx: 0 registers.esi: 282 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 16 registers.edx: 0 registers.ebx: 64 registers.esi: 35067240 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 15 registers.edx: 0 registers.ebx: 64 registers.esi: 35067264 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 14 registers.edx: 0 registers.ebx: 64 registers.esi: 35067288 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 13 registers.edx: 0 registers.ebx: 64 registers.esi: 35067312 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 12 registers.edx: 0 registers.ebx: 64 registers.esi: 35067336 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 11 registers.edx: 0 registers.ebx: 64 registers.esi: 35067360 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 10 registers.edx: 0 registers.ebx: 64 registers.esi: 35067384 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 9 registers.edx: 0 registers.ebx: 64 registers.esi: 35067408 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 8 registers.edx: 0 registers.ebx: 64 registers.esi: 35067432 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 7 registers.edx: 0 registers.ebx: 64 registers.esi: 35067456 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 6 registers.edx: 0 registers.ebx: 64 registers.esi: 35067480 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 5 registers.edx: 0 registers.ebx: 64 registers.esi: 35067504 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 4 registers.edx: 0 registers.ebx: 64 registers.esi: 35067528 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 3 registers.edx: 0 registers.ebx: 64 registers.esi: 35067552 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 2 registers.edx: 0 registers.ebx: 64 registers.esi: 35067576 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x87105c registers.esp: 2093860 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 1 registers.edx: 0 registers.ebx: 64 registers.esi: 35067600 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010504 registers.edi: 8988624 registers.eax: 2008080422 registers.ebp: 2008154697 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1990393856 registers.ecx: 66040	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 16 registers.eax: 2008080422 registers.ebp: 13240272 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 15 registers.eax: 2008080422 registers.ebp: 13240288 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 14 registers.eax: 2008080422 registers.ebp: 13240304 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 13 registers.eax: 2008080422 registers.ebp: 13240320 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 12 registers.eax: 2008080422 registers.ebp: 13240336 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 11 registers.eax: 2008080422 registers.ebp: 13240352 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 10 registers.eax: 2008080422 registers.ebp: 13240368 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 9 registers.eax: 2008080422 registers.ebp: 13240384 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 8 registers.eax: 2008080422 registers.ebp: 13240400 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 7 registers.eax: 2008080422 registers.ebp: 13240416 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 6 registers.eax: 2008080422 registers.ebp: 13240432 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 5 registers.eax: 2008080422 registers.ebp: 13240448 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 4 registers.eax: 2008080422 registers.ebp: 13240464 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 14, 2021, 3:34 p.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec m2pb6t7+0x1105c exception.address: 0x6c105c registers.esp: 3010480 registers.edi: 3 registers.eax: 2008080422 registers.ebp: 13240480 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1

Allocates read-write-execute memory (usually to unpack itself) (22 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0088c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x749b1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008f3000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00800000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00810000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1040 region_size: 614400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00990000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1612 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006dc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1612 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x749b1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1612 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00743000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1612 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1612 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00840000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1612 region_size: 614400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a60000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1612 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74501000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 1612 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74503000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004ac000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x749b1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00513000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 808 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 808 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 808 region_size: 614400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74501000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 14, 2021, 3:34 p.m.	process_identifier: 808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74503000 process_handle: 0xffffffff	1

File has been identified by 14 AntiVirus engines on VirusTotal as malicious (14 events)

Elastic	malicious (high confidence)
McAfee	Artemis!24CEAA006C0D
Cylance	Unsafe
APEX	Malicious
Kaspersky	UDS:Trojan-Downloader.Win32.Cridex
Avast	FileRepMalware
McAfee-GW-Edition	Artemis!Trojan
Sophos	ML/PE-A
Webroot	W32.Malware.Gen
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Casdet!rfn
VBA32	BScope.TrojanBanker.IcedID
SentinelOne	Static AI - Suspicious PE
AVG	FileRepMalware

m2pb6t7.jpg

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All