Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 2, 2021, 11:31 a.m.	Nov. 2, 2021, 11:36 a.m.

Size	5.9MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`82cf57370e124c4813d271a271b602e3`
SHA256	`8798fc1226b6cbc166c1ade4c5e5d3472e30b078ccbeb399376df8b29d3dae8f`
CRC32	`BF798BAD`
ssdeep	`98304:xZAHTsE2H2srchEYlX/A1z8Rqx2bezeSpqQKTrlM9n7emjthNgNQ7sgkP4+PP:xuTsvZclvA1Uq8eze4/n7bj3yNQ7ePZn`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

sodomy.exe "C:\Users\test22\AppData\Local\Temp\sodomy.exe"
2776
- thracevp.exe "C:\Users\test22\AppData\Local\Temp\aculea\thracevp.exe"
  2892
- zircon.exe "C:\Users\test22\AppData\Local\Temp\aculea\zircon.exe"
  2936

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 2, 2021, 11:31 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65539 events)

Time & API	Arguments	Status
__exception__ Nov. 2, 2021, 11:31 a.m.	stacktrace: thracevp+0x367674 @ 0x1477674 thracevp+0x371ca7 @ 0x1481ca7 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 46887 exception.address: 0x760cb727 registers.esp: 3930560 registers.edi: 18059264 registers.eax: 3930560 registers.ebp: 3930640 registers.edx: 2130566132 registers.ebx: 3866667 registers.esi: 2003530795 registers.ecx: 1976696832	1
__exception__ Nov. 2, 2021, 11:31 a.m.	stacktrace: exception.instruction_r: ed e9 c0 6a 09 00 c3 e9 97 10 04 00 22 3f 35 00 exception.symbol: thracevp+0x311516 exception.instruction: in eax, dx exception.module: thracevp.exe exception.exception_code: 0xc0000096 exception.offset: 3216662 exception.address: 0x1421516 registers.esp: 3930680 registers.edi: 7482808 registers.eax: 1750617430 registers.ebp: 18059264 registers.edx: 2130532438 registers.ebx: 0 registers.esi: 13 registers.ecx: 20	1
__exception__ Nov. 2, 2021, 11:31 a.m.	stacktrace: exception.instruction_r: ed e9 49 cf 0c 00 78 8b 6b 1a 45 35 33 99 00 aa exception.symbol: thracevp+0x2c51e9 exception.instruction: in eax, dx exception.module: thracevp.exe exception.exception_code: 0xc0000096 exception.offset: 2904553 exception.address: 0x13d51e9 registers.esp: 3930680 registers.edi: 7482808 registers.eax: 1447909480 registers.ebp: 18059264 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 13 registers.ecx: 10	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefda7a49d zircon+0x4f6269 @ 0x13f9b6269 zircon+0x4ff9ed @ 0x13f9bf9ed HeapWalk-0x1ce0 kernel32+0x0 @ 0x76f80000 0x1afcd8 0x1afcd8 0x1afcd8 0x272a52 0x2430b6 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa 0x267b70774b14aa exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefda7a49d registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 2002008784 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768688 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1768696 registers.rdi: 5357109248 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: RtlRestoreContext+0x293 __chkstk-0x1fe ntdll+0x50bd2 @ 0x774b0bd2 exception.instruction_r: 48 cf 48 83 ec 30 4c 8b c4 48 81 ec d0 04 00 00 exception.symbol: RtlRestoreContext+0x293 __chkstk-0x1fe ntdll+0x50bd2 exception.instruction: iretq exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 330706 exception.address: 0x774b0bd2 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1
__exception__ Nov. 2, 2021, 11:24 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1766864 registers.rsi: 0 registers.r10: 0 registers.rbx: 5357305899 registers.rsp: 1768776 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 2001257761 registers.rdi: 0 registers.rax: 2000926744 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (16 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x739a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76a81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73991000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733b4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733f2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2892 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x776df000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2892 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77650000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2892 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01130000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2892 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0112a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2892 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0112a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2892 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0112a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:31 a.m.	process_identifier: 2892 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0112a000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:24 a.m.	process_identifier: 2936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077557000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 2, 2021, 11:24 a.m.	process_identifier: 2936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000774b0000 process_handle: 0xffffffffffffffff	1

Creates executable files on the filesystem (6 events)

file	C:\Users\test22\AppData\Local\Temp\nsaE3B9.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\aculea\zircon.exe
file	C:\Program Files (x86)\foler\olader\acppage.dll
file	C:\Program Files (x86)\foler\olader\acledit.dll
file	C:\Program Files (x86)\foler\olader\adprovider.dll
file	C:\Users\test22\AppData\Local\Temp\aculea\thracevp.exe

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\aculea\thracevp.exe
file	C:\Users\test22\AppData\Local\Temp\nsaE3B9.tmp\UAC.dll

Expresses interest in specific running processes (1 event)

process

system

Attempts to identify installed AV products by installation directory (2 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\AVG

Checks for the presence of known windows from debuggers and forensic tools (12 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Nov. 2, 2021, 11:31 a.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Nov. 2, 2021, 11:31 a.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Nov. 2, 2021, 11:31 a.m.	class_name: pediy06 window_name:		0	0
FindWindowA Nov. 2, 2021, 11:31 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Nov. 2, 2021, 11:31 a.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Nov. 2, 2021, 11:31 a.m.	class_name: File Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Nov. 2, 2021, 11:31 a.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Nov. 2, 2021, 11:31 a.m.	class_name: Process Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Nov. 2, 2021, 11:31 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Nov. 2, 2021, 11:31 a.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Nov. 2, 2021, 11:31 a.m.	class_name: Registry Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Nov. 2, 2021, 11:31 a.m.	class_name: 18467-41 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Nov. 2, 2021, 11:24 a.m.	tid: 2940 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Nov. 2, 2021, 11:31 a.m.	information_class: 76 (SystemFirmwareTableInformation)		3221225507	0

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Nov. 2, 2021, 11:31 a.m.	stacktrace: exception.instruction_r: ed e9 49 cf 0c 00 78 8b 6b 1a 45 35 33 99 00 aa exception.symbol: thracevp+0x2c51e9 exception.instruction: in eax, dx exception.module: thracevp.exe exception.exception_code: 0xc0000096 exception.offset: 2904553 exception.address: 0x13d51e9 registers.esp: 3930680 registers.edi: 7482808 registers.eax: 1447909480 registers.ebp: 18059264 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 13 registers.ecx: 10	1	0	0

File has been identified by 28 AntiVirus engines on VirusTotal as malicious (28 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Heur.D.GMW@dCdDedii
FireEye	Generic.mg.82cf57370e124c48
CAT-QuickHeal	Trojan.GenericRI.S22849637
Zillya	Dropper.Scrop.Win32.1411
Sangfor	Suspicious.Win32.Save.a
K7GW	Trojan ( 00581b8a1 )
K7AntiVirus	Trojan ( 00581b8a1 )
Cyren	W32/Kryptik.FHH.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
Kaspersky	HEUR:Trojan-Downloader.Win32.Convagent.gen
BitDefender	Gen:Trojan.Heur.D.GMW@dCdDedii
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Avast	Win32:CrypterX-gen [Trj]
Rising	Trojan.Generic@ML.90 (RDML:lsCWlYbYhsaelpXV9WqxwA)
Emsisoft	Trojan.Agent (A)
eGambit	Unsafe.AI_Score_99%
Avira	HEUR/AGEN.1140896
Arcabit	Trojan.Mikey.D1F2C6
ZoneAlarm	HEUR:Trojan-PSW.Win32.Coins.gen
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 99)
VBA32	BScope.Trojan.Wacatac
MAX	malware (ai score=82)
Malwarebytes	Trojan.Dropper
AVG	Win32:CrypterX-gen [Trj]

sodomy.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All