Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 27, 2021, 10 a.m.	Oct. 27, 2021, 10:12 a.m.

Size	6.1MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`aa097cd2ea67822b909850f8f6df13b2`
SHA256	`c2213cc74b11ff7931d042044d696bc98f047883032280ac1a6d7d7ec80f9389`
CRC32	`7B739E1B`
ssdeep	`196608:/Og/9KGqkJ8F1qpRd1IgnpkN+i1wUoiHWWjEY2U1:/OEiG8WpLzpf3Uo0p1`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

temple.exe "C:\Users\test22\AppData\Local\Temp\temple.exe"
1772
- galeusvp.exe "C:\Users\test22\AppData\Local\Temp\feosol\galeusvp.exe"
  584
- imbibe.exe "C:\Users\test22\AppData\Local\Temp\feosol\imbibe.exe"
  804

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 27, 2021, 10 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65539 events)

Time & API	Arguments	Status
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: galeusvp+0x23c25c @ 0x13fc25c galeusvp+0x35d574 @ 0x151d574 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 46887 exception.address: 0x76a7b727 registers.esp: 2686112 registers.edi: 18780160 registers.eax: 2686112 registers.ebp: 2686192 registers.edx: 2130566132 registers.ebx: 1968963558 registers.esi: 2000778283 registers.ecx: 4155637760	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.instruction_r: ed e9 83 a4 ff ff c3 e9 6d a4 ff ff 3d 90 2f ff exception.symbol: galeusvp+0x3a093d exception.instruction: in eax, dx exception.module: galeusvp.exe exception.exception_code: 0xc0000096 exception.offset: 3803453 exception.address: 0x156093d registers.esp: 2686232 registers.edi: 4141720 registers.eax: 1750617430 registers.ebp: 18780160 registers.edx: 2130532438 registers.ebx: 0 registers.esi: 13 registers.ecx: 20	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.instruction_r: ed e9 65 33 12 00 2b 9c 07 b9 91 00 aa 00 2c ca exception.symbol: galeusvp+0x26040a exception.instruction: in eax, dx exception.module: galeusvp.exe exception.exception_code: 0xc0000096 exception.offset: 2491402 exception.address: 0x142040a registers.esp: 2686232 registers.edi: 4141720 registers.eax: 1447909480 registers.ebp: 18780160 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 13 registers.ecx: 10	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd6da49d imbibe+0x41bf97 @ 0x14036bf97 imbibe+0x50b3f9 @ 0x14045b3f9 HeapWalk-0x1ce0 kernel32+0x0 @ 0x76e40000 0x16f9b8 0x16f9b8 0x16f9b8 0x2a2c32 0x273316 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea 0x297dc0772113ea exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefd6da49d registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 1999256272 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505744 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1505752 registers.rdi: 5368184832 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: RtlRestoreContext+0x293 __chkstk-0x1fe ntdll+0x50bd2 @ 0x77210bd2 exception.instruction_r: 48 cf 48 83 ec 30 4c 8b c4 48 81 ec d0 04 00 00 exception.symbol: RtlRestoreContext+0x293 __chkstk-0x1fe ntdll+0x50bd2 exception.instruction: iretq exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 330706 exception.address: 0x77210bd2 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1503920 registers.rsi: 0 registers.r10: 0 registers.rbx: 5369427446 registers.rsp: 1505832 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1998505249 registers.rdi: 0 registers.rax: 1999715481 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 1772 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73721000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 1772 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74e51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 1772 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 1772 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73711000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 1772 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 1772 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72764000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 1772 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7743f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x011e0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x011da000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x011da000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x011da000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000772b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 27, 2021, 10 a.m.	process_identifier: 804 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077210000 process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (6 events)

file	C:\Program Files (x86)\foler\olader\acppage.dll
file	C:\Users\test22\AppData\Local\Temp\feosol\imbibe.exe
file	C:\Users\test22\AppData\Local\Temp\nsq654B.tmp\UAC.dll
file	C:\Program Files (x86)\foler\olader\acledit.dll
file	C:\Users\test22\AppData\Local\Temp\feosol\galeusvp.exe
file	C:\Program Files (x86)\foler\olader\adprovider.dll

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\nsq654B.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\feosol\galeusvp.exe

Expresses interest in specific running processes (1 event)

process

system

Attempts to identify installed AV products by installation directory (2 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\AVG

Checks for the presence of known windows from debuggers and forensic tools (12 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Oct. 27, 2021, 10 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Oct. 27, 2021, 10 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Oct. 27, 2021, 10 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Oct. 27, 2021, 10 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 27, 2021, 10 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Oct. 27, 2021, 10 a.m.	class_name: Registry Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 27, 2021, 10 a.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Oct. 27, 2021, 10 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 27, 2021, 10 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Oct. 27, 2021, 10 a.m.	class_name: File Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Oct. 27, 2021, 10 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Oct. 27, 2021, 10 a.m.	class_name: Process Monitor - Sysinternals: www.sysinternals.com window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Oct. 27, 2021, 10 a.m.	tid: 2936 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Oct. 27, 2021, 10 a.m.	information_class: 76 (SystemFirmwareTableInformation)		3221225507	0

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 27, 2021, 10 a.m.	stacktrace: exception.instruction_r: ed e9 65 33 12 00 2b 9c 07 b9 91 00 aa 00 2c ca exception.symbol: galeusvp+0x26040a exception.instruction: in eax, dx exception.module: galeusvp.exe exception.exception_code: 0xc0000096 exception.offset: 2491402 exception.address: 0x142040a registers.esp: 2686232 registers.edi: 4141720 registers.eax: 1447909480 registers.ebp: 18780160 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 13 registers.ecx: 10	1	0	0

File has been identified by 29 AntiVirus engines on VirusTotal as malicious (29 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.aa097cd2ea67822b
McAfee	GenericRXAA-FA!AA097CD2EA67
Zillya	Trojan.Swisyn.Win32.35912
Sangfor	Suspicious.Win32.Save.a
Cybereason	malicious.2ea678
BitDefenderTheta	AI:Packer.544F78141E
Cyren	W32/Kryptik.FHH.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
ClamAV	Win.Packed.Filerepmalware-9864117-0
Kaspersky	HEUR:Trojan.Win32.SelfDel.pef
BitDefender	Gen:Trojan.Heur.D.OMW@deXpYCli
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Avast	Win32:CrypterX-gen [Trj]
Rising	Trojan.Generic@ML.100 (RDML:c5I7YroQblVpfUEasAqUpA)
Emsisoft	Trojan.Agent (A)
Sophos	Generic ML PUA (PUA)
Avira	HEUR/AGEN.1140896
MAX	malware (ai score=87)
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Win32.Trojan.BSE.HLJWVB
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.R441088
VBA32	BScope.Trojan.Wacatac
ALYac	Gen:Variant.Razy.921612
Malwarebytes	Trojan.Dropper
AVG	Win32:CrypterX-gen [Trj]

temple.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All