Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Nov. 5, 2021, 6:23 p.m.	Nov. 5, 2021, 6:25 p.m.

Size	108.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`90a26541a81d20d10c82ed61f40942b1`
SHA256	`914c07c7cbbbf9af1325ec04593cc19871c222044d82a3c4e8d8bc837bcd66c4`
CRC32	`7C4B6DF6`
ssdeep	`1536:ST6oGBCDuIPad/OVn0kNB75O8ZjQrnzvA+6:3obugG+n0kNB75O8WX4+6`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

CHEVIOTTETS.exe "C:\Users\test22\AppData\Local\Temp\CHEVIOTTETS.exe"
204

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 5, 2021, 6:23 p.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

CUSTOM

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c9 8c ee cc c2 fd 2a bf 5b 81 01 92 e2 c2 4e exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630524 registers.esp: 1635260 registers.edi: 1433659917 registers.eax: 3189944 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c2 fd 2a bf 5b 81 01 92 e2 c2 4e d6 ab 54 89 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630528 registers.esp: 1635260 registers.edi: 1433659917 registers.eax: 3189944 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c2 fe ef b6 1b 26 a7 9c bd 2e c7 6a 84 a3 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630542 registers.esp: 1635260 registers.edi: 1433659917 registers.eax: 3189944 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 3946306072 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c6 c7 90 e3 54 09 71 0f 16 07 53 8b 9d f5 01 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630563 registers.esp: 1635260 registers.edi: 1433659917 registers.eax: 3189944 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 0 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc de 89 9d 86 dd c4 24 67 26 73 00 67 4c 3d b6 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26305ee registers.esp: 1635244 registers.edi: 1433659917 registers.eax: 3189944 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c5 a8 99 de a8 54 93 89 95 f0 01 00 00 ba 1c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630606 registers.esp: 1635240 registers.edi: 1433659917 registers.eax: 3189944 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c4 b1 87 96 48 ad 8d 7c cc dd 71 fb 81 33 0e exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630619 registers.esp: 1635240 registers.edi: 1433659917 registers.eax: 3189944 registers.ebp: 1635260 registers.edx: 3674005276 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc dd 71 fb 81 33 0e d3 23 8b 9b aa e9 bf 08 ad exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630622 registers.esp: 1635240 registers.edi: 1433659917 registers.eax: 3189944 registers.ebp: 1635260 registers.edx: 3674005276 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c2 7b a3 18 ce 4d 73 df 83 0f b6 3e 87 48 68 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630675 registers.esp: 1635236 registers.edi: 1433659917 registers.eax: 3189944 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c1 f9 6e 3f 30 e8 fa af 6e 28 17 81 34 24 11 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x263068e registers.esp: 1635228 registers.edi: 1433659917 registers.eax: 3189944 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc de c7 57 c1 70 e3 ac e8 58 b5 de ee 3f 89 86 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26306b4 registers.esp: 1635224 registers.edi: 1433659917 registers.eax: 3189944 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c2 df da 71 30 24 2d f4 2f b1 f3 ff 40 0f 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630723 registers.esp: 1635212 registers.edi: 1433659917 registers.eax: 3189944 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c4 84 c6 71 e8 ad f4 80 35 8d ce 32 90 35 65 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630757 registers.esp: 1635208 registers.edi: 1433659917 registers.eax: 2532425526 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c2 ea db a8 28 e4 85 f4 89 74 96 86 95 94 50 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x263076f registers.esp: 1635208 registers.edi: 1433659917 registers.eax: 12 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c3 30 3c f1 4b cf 52 4d 09 74 68 a7 ab 8b 85 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26307a9 registers.esp: 1635204 registers.edi: 1433659917 registers.eax: 12 registers.ebp: 1635260 registers.edx: 40042496 registers.ebx: 40072937 registers.esi: 4217882 registers.ecx: 40043723	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c9 e0 96 83 c4 38 cc c9 d2 88 e8 a5 c2 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26307c2 registers.esp: 1635204 registers.edi: 1634944 registers.eax: 0 registers.ebp: 1635260 registers.edx: 576376 registers.ebx: 4095 registers.esi: 2147479552 registers.ecx: 2073952256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c9 d2 88 e8 a5 c2 00 00 cc c2 33 88 db 1d 8c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26307c9 registers.esp: 1635260 registers.edi: 1634944 registers.eax: 0 registers.ebp: 1635260 registers.edx: 576376 registers.ebx: 4095 registers.esi: 2147479552 registers.ecx: 2073952256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c2 33 88 db 1d 8c 47 24 bb 2f 3d 23 75 6c e8 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26307d2 registers.esp: 1635260 registers.edi: 1634944 registers.eax: 3435973836 registers.ebp: 1635260 registers.edx: 40094425 registers.ebx: 1958346803 registers.esi: 2147479552 registers.ecx: 40095198	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c9 ab 4f cc c9 c8 c5 e9 54 8c 00 00 68 0a 7a exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26307e6 registers.esp: 1635260 registers.edi: 1634944 registers.eax: 3435973836 registers.ebp: 1635260 registers.edx: 40094425 registers.ebx: 1958346803 registers.esi: 2147479552 registers.ecx: 40095198	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c9 c8 c5 e9 54 8c 00 00 68 0a 7a e1 47 81 34 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26307ea registers.esp: 1635260 registers.edi: 1634944 registers.eax: 3435973836 registers.ebp: 1635260 registers.edx: 40094425 registers.ebx: 1958346803 registers.esi: 2147479552 registers.ecx: 40095198	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c3 42 ee 14 f2 ff 88 24 f7 51 5b de 4d 81 2c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630838 registers.esp: 1635252 registers.edi: 1634944 registers.eax: 3435973836 registers.ebp: 1635260 registers.edx: 40094425 registers.ebx: 1958346803 registers.esi: 2147479552 registers.ecx: 40095198	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc cb ec 99 0f 4e 05 12 81 db a0 cc d8 75 fc f5 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630865 registers.esp: 1635260 registers.edi: 1634944 registers.eax: 1596228647 registers.ebp: 1635260 registers.edx: 40094425 registers.ebx: 1958346803 registers.esi: 2147479552 registers.ecx: 61210630	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc d8 75 fc f5 f7 1f ee 23 8b 7a 7b 02 aa 47 e2 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630870 registers.esp: 1635260 registers.edi: 1634944 registers.eax: 1337 registers.ebp: 1635260 registers.edx: 40094425 registers.ebx: 1958346803 registers.esi: 2147479552 registers.ecx: 61210630	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x75080000 0x3229f8 exception.instruction_r: cc c4 9b 20 b7 4b 3a d0 27 cc c9 ff 63 8b 4d 1c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26308da registers.esp: 1635260 registers.edi: 1634944 registers.eax: 1963555344 registers.ebp: 1635260 registers.edx: 1964262871 registers.ebx: 3945065663 registers.esi: 2147479552 registers.ecx: 281	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x75080000 0x3229f8 exception.instruction_r: cc c9 ff 63 8b 4d 1c cc c6 9c c8 b3 b8 ca 17 b1 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26308e3 registers.esp: 1635260 registers.edi: 1634944 registers.eax: 1963555344 registers.ebp: 1635260 registers.edx: 1964262871 registers.ebx: 3945065663 registers.esi: 2147479552 registers.ecx: 281	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x75080000 0x3229f8 exception.instruction_r: cc c6 9c c8 b3 b8 ca 17 b1 d1 a0 ba c6 fc 34 9b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26308ea registers.esp: 1635260 registers.edi: 1634944 registers.eax: 1963555344 registers.ebp: 1635260 registers.edx: 1964262871 registers.ebx: 3945065663 registers.esi: 2147479552 registers.ecx: 61210624	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c5 42 f7 00 9a b2 b2 81 34 24 c1 95 63 98 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630932 registers.esp: 1635252 registers.edi: 1634944 registers.eax: 2005205032 registers.ebp: 1635260 registers.edx: 2005168392 registers.ebx: 4164987682 registers.esi: 2147479552 registers.ecx: 380	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c7 74 4b 00 71 ab 65 37 bf 81 f1 aa c6 39 61 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26309a8 registers.esp: 1635244 registers.edi: 1634944 registers.eax: 2005205032 registers.ebp: 1635260 registers.edx: 2005168392 registers.ebx: 4164987682 registers.esi: 2147479552 registers.ecx: 3891544829	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c3 68 bc dd 98 06 3f fd 24 5e de 0b d6 81 e9 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x26309b8 registers.esp: 1635244 registers.edi: 1634944 registers.eax: 2005205032 registers.ebp: 1635260 registers.edx: 2005168392 registers.ebx: 4164987682 registers.esi: 2147479552 registers.ecx: 2261615703	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c3 a3 ad 4c d7 0b 4f 60 fb 08 12 68 9f 50 8b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630a17 registers.esp: 1635240 registers.edi: 1634944 registers.eax: 0 registers.ebp: 1635260 registers.edx: 2005168392 registers.ebx: 4164987682 registers.esi: 2147479552 registers.ecx: 380	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc ca 89 0c 51 92 c3 cc c2 9f 65 12 36 69 05 2c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630a2c registers.esp: 1635236 registers.edi: 1634944 registers.eax: 2005205032 registers.ebp: 1635260 registers.edx: 2005168392 registers.ebx: 4164987682 registers.esi: 2147479552 registers.ecx: 380	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c2 9f 65 12 36 69 05 2c 10 31 49 5d 9a ce 89 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630a33 registers.esp: 1635236 registers.edi: 1634944 registers.eax: 2005205032 registers.ebp: 1635260 registers.edx: 2005168392 registers.ebx: 4164987682 registers.esi: 2147479552 registers.ecx: 380	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c7 3b 5f 48 67 5a 43 65 5b 8b bd 23 02 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630a60 registers.esp: 1635232 registers.edi: 0 registers.eax: 2005205032 registers.ebp: 1635260 registers.edx: 2005168392 registers.ebx: 4164987682 registers.esi: 2147479552 registers.ecx: 380	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c3 30 7f 16 98 69 02 f0 68 55 92 5d 10 cc c7 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630a75 registers.esp: 1635260 registers.edi: 1634944 registers.eax: 0 registers.ebp: 1635260 registers.edx: 576376 registers.ebx: 2005215386 registers.esi: 2147479552 registers.ecx: 2073952256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c7 c7 0e a3 c5 05 12 7e 31 e9 3c 8a 00 00 eb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630a83 registers.esp: 1635260 registers.edi: 1634944 registers.eax: 0 registers.ebp: 1635260 registers.edx: 576376 registers.ebx: 2005215386 registers.esi: 2147479552 registers.ecx: 2073952256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c2 fd f9 84 91 c9 23 24 b5 49 d4 50 bc dc 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630ad3 registers.esp: 1635252 registers.edi: 1634944 registers.eax: 0 registers.ebp: 1635260 registers.edx: 576376 registers.ebx: 2005215386 registers.esi: 2147479552 registers.ecx: 2073952256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc d8 e8 8a c7 bf 28 f5 f9 32 ff 31 0c 63 68 fc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630af0 registers.esp: 1635252 registers.edi: 1634944 registers.eax: 0 registers.ebp: 1635260 registers.edx: 576376 registers.ebx: 2005215386 registers.esi: 2147479552 registers.ecx: 2073952256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c9 78 37 59 cc c5 fb 44 da 31 e1 1e ba c2 8b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630b11 registers.esp: 1635256 registers.edi: 1634944 registers.eax: 0 registers.ebp: 1635260 registers.edx: 576376 registers.ebx: 2005215386 registers.esi: 2147479552 registers.ecx: 2073952256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x77830000 0x3229f8 exception.instruction_r: cc c5 fb 44 da 31 e1 1e ba c2 8b 23 08 e8 f0 99 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630b16 registers.esp: 1635260 registers.edi: 1634944 registers.eax: 0 registers.ebp: 1635260 registers.edx: 576376 registers.ebx: 2005215386 registers.esi: 2147479552 registers.ecx: 61210639	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: gapfnScSendMessage-0x15fc8 user32+0x0 @ 0x75650000 0x3229f8 exception.instruction_r: cc c0 1b c7 13 e7 65 b1 00 e3 e4 8b 08 e9 5f 01 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630b28 registers.esp: 1635260 registers.edi: 1634944 registers.eax: 1969672655 registers.ebp: 1635260 registers.edx: 1969633409 registers.ebx: 595466988 registers.esi: 2147479552 registers.ecx: 242	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: gapfnScSendMessage-0x15fc8 user32+0x0 @ 0x75650000 0x3229f8 exception.instruction_r: cc c1 bc 27 78 41 e7 b7 36 aa f7 26 57 8b bd 66 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630b82 registers.esp: 1635256 registers.edi: 1635256 registers.eax: 1969672655 registers.ebp: 1635260 registers.edx: 0 registers.ebx: 40045726 registers.esi: 2147479552 registers.ecx: 242	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: gapfnScSendMessage-0x15fc8 user32+0x0 @ 0x75650000 0x3229f8 exception.instruction_r: cc c7 fb ad 77 9d 93 69 7d 59 89 8d 8a 01 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630b95 registers.esp: 1635252 registers.edi: 1634944 registers.eax: 1969672655 registers.ebp: 1635260 registers.edx: 0 registers.ebx: 40045726 registers.esi: 2147479552 registers.ecx: 242	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: gapfnScSendMessage-0x15fc8 user32+0x0 @ 0x75650000 0x3229f8 exception.instruction_r: cc c0 47 02 1e a0 6e 60 59 fc 43 ec df 8b 8d 8a exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630ba8 registers.esp: 1635248 registers.edi: 1634944 registers.eax: 1969672655 registers.ebp: 1635260 registers.edx: 0 registers.ebx: 40045726 registers.esi: 2147479552 registers.ecx: 40045726	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: EnumWindows+0x16 CreateWindowExA-0x49 user32+0x1d1e5 @ 0x7566d1e5 New_user32_EnumWindows@8+0x75 New_user32_ExitWindowsEx@8-0x5c @ 0x748e6686 0x2630bbd gapfnScSendMessage-0x15fc8 user32+0x0 @ 0x75650000 0x3229f8 exception.instruction_r: cc d9 b3 5a 24 d6 dc e8 49 93 d0 f8 e4 09 87 41 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630cda registers.esp: 1635100 registers.edi: 74 registers.eax: 1032248708 registers.ebp: 1635128 registers.edx: 0 registers.ebx: 0 registers.esi: 3200784 registers.ecx: 1635256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: EnumWindows+0x16 CreateWindowExA-0x49 user32+0x1d1e5 @ 0x7566d1e5 New_user32_EnumWindows@8+0x75 New_user32_ExitWindowsEx@8-0x5c @ 0x748e6686 0x2630bbd gapfnScSendMessage-0x15fc8 user32+0x0 @ 0x75650000 0x3229f8 exception.instruction_r: cc c7 f3 04 61 a5 60 3d f7 6c 35 67 1b 43 de 2d exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630cf3 registers.esp: 1635100 registers.edi: 74 registers.eax: 1388123002 registers.ebp: 1635128 registers.edx: 0 registers.ebx: 0 registers.esi: 3200784 registers.ecx: 1635256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: EnumWindows+0x16 CreateWindowExA-0x49 user32+0x1d1e5 @ 0x7566d1e5 New_user32_EnumWindows@8+0x75 New_user32_ExitWindowsEx@8-0x5c @ 0x748e6686 0x2630bbd gapfnScSendMessage-0x15fc8 user32+0x0 @ 0x75650000 0x3229f8 exception.instruction_r: cc d9 b3 5a 24 d6 dc e8 49 93 d0 f8 e4 09 87 41 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630cda registers.esp: 1635100 registers.edi: 74 registers.eax: 1032248708 registers.ebp: 1635128 registers.edx: 0 registers.ebx: 1 registers.esi: 3200788 registers.ecx: 1635256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: EnumWindows+0x16 CreateWindowExA-0x49 user32+0x1d1e5 @ 0x7566d1e5 New_user32_EnumWindows@8+0x75 New_user32_ExitWindowsEx@8-0x5c @ 0x748e6686 0x2630bbd gapfnScSendMessage-0x15fc8 user32+0x0 @ 0x75650000 0x3229f8 exception.instruction_r: cc c7 f3 04 61 a5 60 3d f7 6c 35 67 1b 43 de 2d exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630cf3 registers.esp: 1635100 registers.edi: 74 registers.eax: 1388123002 registers.ebp: 1635128 registers.edx: 0 registers.ebx: 1 registers.esi: 3200788 registers.ecx: 1635256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: EnumWindows+0x16 CreateWindowExA-0x49 user32+0x1d1e5 @ 0x7566d1e5 New_user32_EnumWindows@8+0x75 New_user32_ExitWindowsEx@8-0x5c @ 0x748e6686 0x2630bbd gapfnScSendMessage-0x15fc8 user32+0x0 @ 0x75650000 0x3229f8 exception.instruction_r: cc d9 b3 5a 24 d6 dc e8 49 93 d0 f8 e4 09 87 41 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630cda registers.esp: 1635100 registers.edi: 74 registers.eax: 1032248708 registers.ebp: 1635128 registers.edx: 0 registers.ebx: 2 registers.esi: 3200792 registers.ecx: 1635256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: EnumWindows+0x16 CreateWindowExA-0x49 user32+0x1d1e5 @ 0x7566d1e5 New_user32_EnumWindows@8+0x75 New_user32_ExitWindowsEx@8-0x5c @ 0x748e6686 0x2630bbd gapfnScSendMessage-0x15fc8 user32+0x0 @ 0x75650000 0x3229f8 exception.instruction_r: cc c7 f3 04 61 a5 60 3d f7 6c 35 67 1b 43 de 2d exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630cf3 registers.esp: 1635100 registers.edi: 74 registers.eax: 1388123002 registers.ebp: 1635128 registers.edx: 0 registers.ebx: 2 registers.esi: 3200792 registers.ecx: 1635256	1
__exception__ Nov. 5, 2021, 6:23 p.m.	stacktrace: EnumWindows+0x16 CreateWindowExA-0x49 user32+0x1d1e5 @ 0x7566d1e5 New_user32_EnumWindows@8+0x75 New_user32_ExitWindowsEx@8-0x5c @ 0x748e6686 0x2630bbd gapfnScSendMessage-0x15fc8 user32+0x0 @ 0x75650000 0x3229f8 exception.instruction_r: cc d9 b3 5a 24 d6 dc e8 49 93 d0 f8 e4 09 87 41 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x2630cda registers.esp: 1635100 registers.edi: 74 registers.eax: 1032248708 registers.ebp: 1635128 registers.edx: 0 registers.ebx: 3 registers.esi: 3200796 registers.ecx: 1635256	1

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Nov. 5, 2021, 6:23 p.m.	process_identifier: 204 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x746b2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 5, 2021, 6:23 p.m.	process_identifier: 204 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74333000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 5, 2021, 6:23 p.m.	process_identifier: 204 region_size: 73728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02630000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 5, 2021, 6:23 p.m.	process_identifier: 204 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77840000 process_handle: 0xffffffff	1

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 5, 2021, 6:23 p.m.	process_identifier: 204 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x004c0000 process_handle: 0xffffffff	1	0	0

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Nov. 5, 2021, 6:23 p.m.	tid: 1860 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

CHEVIOTTETS.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All