Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 29, 2021, 9:26 a.m.	Oct. 29, 2021, 9:29 a.m.

Size	1.0MB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`8c6258bd9f567fed899aeb3f68aaa861`
SHA256	`711a5e2cd2dc83c0711b9995db62072da4cba477cd21a1a9a95cd5d92e6f9185`
CRC32	`680AFC1E`
ssdeep	`24576:x2c6WRTUUt+HxHGRivPX04OhWqVD6wKhGm31m:iW5tQHlvv0f5B6Vhv31`
PDB Path	c:\12-Early\went\Whether\View\Stop.pdb
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trze3v.tar.dll,Thousandwire
2516
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trze3v.tar.dll,Weight
2620
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trze3v.tar.dll,Ledblock
1896
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trze3v.tar.dll,
2348

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

c:\12-Early\went\Whether\View\Stop.pdb

One or more processes crashed (50 out of 105 events)

Time & API	Arguments	Status
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913076 registers.edi: 2565984 registers.eax: 2002182182 registers.ebp: 2002256457 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1983250432 registers.ecx: 66040	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 16 registers.eax: 2002182182 registers.ebp: 11143120 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 15 registers.eax: 2002182182 registers.ebp: 11143136 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 14 registers.eax: 2002182182 registers.ebp: 11143152 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 13 registers.eax: 2002182182 registers.ebp: 11143168 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 12 registers.eax: 2002182182 registers.ebp: 11143184 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 11 registers.eax: 2002182182 registers.ebp: 11143200 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 10 registers.eax: 2002182182 registers.ebp: 11143216 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 9 registers.eax: 2002182182 registers.ebp: 11143232 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 8 registers.eax: 2002182182 registers.ebp: 11143248 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 7 registers.eax: 2002182182 registers.ebp: 11143264 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 11143280 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 5 registers.eax: 2002182182 registers.ebp: 11143296 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 4 registers.eax: 2002182182 registers.ebp: 11143312 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 3 registers.eax: 2002182182 registers.ebp: 11143328 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 2 registers.eax: 2002182182 registers.ebp: 11143344 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913052 registers.edi: 1 registers.eax: 2002182182 registers.ebp: 11143360 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: DllRegisterServer+0xcbc7 trze3v+0x16937 @ 0x73f86937 exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 912248 registers.edi: 12 registers.eax: 2002182182 registers.ebp: 913320 registers.edx: 23 registers.ebx: 913336 registers.esi: 23 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913304 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 96784 registers.edx: 827898 registers.ebx: 0 registers.esi: 282 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 16 registers.edx: 0 registers.ebx: 64 registers.esi: 11146600 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 15 registers.edx: 0 registers.ebx: 64 registers.esi: 11146624 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 14 registers.edx: 0 registers.ebx: 64 registers.esi: 11146648 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 13 registers.edx: 0 registers.ebx: 64 registers.esi: 11146672 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 12 registers.edx: 0 registers.ebx: 64 registers.esi: 11146696 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 11 registers.edx: 0 registers.ebx: 64 registers.esi: 11146720 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 10 registers.edx: 0 registers.ebx: 64 registers.esi: 11146744 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 9 registers.edx: 0 registers.ebx: 64 registers.esi: 11146768 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 8 registers.edx: 0 registers.ebx: 64 registers.esi: 11146792 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 7 registers.edx: 0 registers.ebx: 64 registers.esi: 11146816 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 6 registers.edx: 0 registers.ebx: 64 registers.esi: 11146840 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 5 registers.edx: 0 registers.ebx: 64 registers.esi: 11146864 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 4 registers.edx: 0 registers.ebx: 64 registers.esi: 11146888 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 3 registers.edx: 0 registers.ebx: 64 registers.esi: 11146912 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 2 registers.edx: 0 registers.ebx: 64 registers.esi: 11146936 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 913280 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 1 registers.edx: 0 registers.ebx: 64 registers.esi: 11146960 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307820 registers.edi: 5318608 registers.eax: 2002182182 registers.ebp: 2002256457 registers.edx: 129161 registers.ebx: 2704346981 registers.esi: 1983250432 registers.ecx: 66040	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 16 registers.eax: 2002182182 registers.ebp: 4458448 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 15 registers.eax: 2002182182 registers.ebp: 4458464 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 14 registers.eax: 2002182182 registers.ebp: 4458480 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 13 registers.eax: 2002182182 registers.ebp: 4458496 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 12 registers.eax: 2002182182 registers.ebp: 4458512 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 11 registers.eax: 2002182182 registers.ebp: 4458528 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 10 registers.eax: 2002182182 registers.ebp: 4458544 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 9 registers.eax: 2002182182 registers.ebp: 4458560 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 8 registers.eax: 2002182182 registers.ebp: 4458576 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 7 registers.eax: 2002182182 registers.ebp: 4458592 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 6 registers.eax: 2002182182 registers.ebp: 4458608 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 5 registers.eax: 2002182182 registers.ebp: 4458624 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 4 registers.eax: 2002182182 registers.ebp: 4458640 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1
__exception__ Oct. 29, 2021, 9:26 a.m.	stacktrace: exception.instruction_r: cc c3 5d c3 33 c0 5d c3 68 e0 7d b6 c0 68 ea b3 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: DllRegisterServer+0x72ec trze3v+0x1105c exception.address: 0x73f8105c registers.esp: 1307796 registers.edi: 3 registers.eax: 2002182182 registers.ebp: 4458656 registers.edx: 0 registers.ebx: 0 registers.esi: 64 registers.ecx: 0	1

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 2516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73ffc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 2516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74071000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 2516 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00780000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 2516 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00790000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 2516 region_size: 610304 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00810000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 2620 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73ffc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 2620 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74071000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 2620 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00310000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 2620 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00320000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 2620 region_size: 610304 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73ffc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 1896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74071000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 1896 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 1896 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003b0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 29, 2021, 9:26 a.m.	process_identifier: 1896 region_size: 610304 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

File has been identified by 15 AntiVirus engines on VirusTotal as malicious (15 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Fragtor.35825
FireEye	Gen:Variant.Fragtor.35825
Sangfor	Suspicious.Win32.Save.a
BitDefenderTheta	AI:Packer.3B9129FD21
Cyren	W32/Dridex.FT.gen!Eldorado
ESET-NOD32	a variant of Win32/GenKryptik.FMSA
Kaspersky	VHO:Trojan-Banker.Win32.Cridex.gen
BitDefender	Gen:Variant.Fragtor.35825
Ad-Aware	Gen:Variant.Fragtor.35825
Emsisoft	Gen:Variant.Fragtor.35825 (B)
MAX	malware (ai score=84)
GData	Gen:Variant.Fragtor.35825
McAfee	GenericRXAA-AA!8C6258BD9F56
Panda	Trj/Genetic.gen

trze3v.tar

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All