Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 17, 2023, 9:38 a.m.	March 17, 2023, 9:38 a.m.

Size	593.0KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`9b82f37e58f9bb27d2a7dd96e9e2f702`
SHA256	`99dab8b3093e77419cff4a3e64045b972f1152812a69332ad88da1aaad56485e`
CRC32	`2B600DC1`
ssdeep	`12288:nsuLrr8h7qGMufOWhNkdgF8h3UHHdM/tQ3W:n5/q7qGMufdhNtF8SH9M/tQ3`
Yara	Malicious_Library_Zero - Malicious_Library IsDLL - (no description) IsPE64 - (no description) Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,AATSwPm
2556
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,AATSwPm
  3060
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,AGjHZEKfwvYHQizmakjUMsYj
2640
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,AGjHZEKfwvYHQizmakjUMsYj
  3052
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,AIkgNtfE
2732
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,AIkgNtfE
  192
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,ANCqFRmb
2820
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,ANCqFRmb
  2216
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,AZsxitJzqgvaKjFJ
2916
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,AZsxitJzqgvaKjFJ
  2568
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,AmtdLjEpbTlXn
3008
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,AmtdLjEpbTlXn
  2632
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,AqBlkYwTBT
1264
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,AqBlkYwTBT
  2700
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,BUSanJRDyEep
2440
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,BUSanJRDyEep
  2964
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,BafKbpzZbMysszdVAvJAdAEpOh
2652
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,BafKbpzZbMysszdVAvJAdAEpOh
  2104
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,BjVXLABFRbMkMdYZrwLDtnqn
2952
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,BjVXLABFRbMkMdYZrwLDtnqn
  2180
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,BjztmnCOIlUskYW
2312
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,BjztmnCOIlUskYW
  2752
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,BtxBvDT
2908
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,BtxBvDT
  2824
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,BwRgjSIzDyXRKprO
2228
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,BwRgjSIzDyXRKprO
  3048
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,CBUlMIORIIpsrIfWWDXzxbFGr
2644
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,CBUlMIORIIpsrIfWWDXzxbFGr
  2424
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,CRbGKhhIIJjeTUbiOVm
2936
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,CRbGKhhIIJjeTUbiOVm
  2320
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,CXBgle
2832
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,CXBgle
  2220
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,ChQBUjDCAdFv
152
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,ChQBUjDCAdFv
  2356
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,CmrMJZTVMTuNDAYU
2272
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,CmrMJZTVMTuNDAYU
  2840
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DJfXZEhrxVoOnQIaZCzrMlJhl
2992
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DJfXZEhrxVoOnQIaZCzrMlJhl
  3136
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DJmVvEPJyUlwpNKhJJllnpGQ
2884
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DJmVvEPJyUlwpNKhJJllnpGQ
  3176
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DJvfvhBsJfPKIwwXvjTtNjS
2364
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DJvfvhBsJfPKIwwXvjTtNjS
  3212
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DjrueuNsMQZJuGFiKnmOYwj
3084
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DjrueuNsMQZJuGFiKnmOYwj
  3288
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DkqOjojSX
3264
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DkqOjojSX
  3484
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DllRegisterServer
3456
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DllRegisterServer
  3720
  - regsvr32.exe C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FQXtG\SnwrhOr.dll"
    4592
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DopsvUCJzIx
3580
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,DopsvUCJzIx
  3960
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,EIFDbYEwwm
3676
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,EIFDbYEwwm
  3952
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,EIvfoTYJih
3812
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,EIvfoTYJih
  3992
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,ELIxkBrwmT
3900
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,ELIxkBrwmT
  3168
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,EXYyiQcyfbAOQWCbO
3100
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,EXYyiQcyfbAOQWCbO
  3300
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,EYZChLDVnFIPMppUYdViQPoay
2736
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,EYZChLDVnFIPMppUYdViQPoay
  3752
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,EkoCAnWFsC
3536
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,EkoCAnWFsC
  3948
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,FElwVkaTaxRRGN
3604
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,FElwVkaTaxRRGN
  2576
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,FYOwZnlvpzRqxUxbg
3736
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,FYOwZnlvpzRqxUxbg
  3236
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,FlrMSvOcLwUpdeoAD
3932
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,FlrMSvOcLwUpdeoAD
  3620
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,FpYAsWCvpJvuoMUjTjbelniY
3244
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,FpYAsWCvpJvuoMUjTjbelniY
  3640
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,GtzySShWnXfsUb
3432
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,GtzySShWnXfsUb
  3276
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HLCzeBq
3596
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HLCzeBq
  3252
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HUfghoiCWVHtgSglb
3104
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HUfghoiCWVHtgSglb
  3568
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HZbFljHYbGFvcmrcYlFWDSU
3732
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HZbFljHYbGFvcmrcYlFWDSU
  4024
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HcnrULcPyEhXRswVbpM
3352
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HcnrULcPyEhXRswVbpM
  3708
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HjOoqCOimSKUjFjXdFuN
3560
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HjOoqCOimSKUjFjXdFuN
  3624
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HolGDbeRm
3080
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HolGDbeRm
  3692
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HuIMyUhUZbrzJHjbegGPZC
3612
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,HuIMyUhUZbrzJHjbegGPZC
  4016
explorer.exe C:\Windows\Explorer.EXE
1452
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,IIiyYPEYPggpdERitQOMVsNiQu
3944
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,IIiyYPEYPggpdERitQOMVsNiQu
  3780
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,IXgpndcJKTQb
3916
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,IXgpndcJKTQb
  2684
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,IfAaBpNyODwkDsuzoVkTgbGbo
3304
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,IfAaBpNyODwkDsuzoVkTgbGbo
  4176
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,IrGoJmdvvsJFEUcMmY
4104
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,IrGoJmdvvsJFEUcMmY
  4220
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,IxYXufEXCKlK
4260
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,JdOhJByHqzyrbb
4368
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,JkXECizglqMHumJjvxvc
4464
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,JraCrCTSpf
4576
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,KOzKUBvVThkMW
4768
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,KPYRrwLPTnYqnjWtLbrkMqOtB
4884
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,KipxtvcHXtUzqvx
5008
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,KohLAHgeZferwWcxWZS
5112
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,KwEaxpXhtkvjDUCmIuHNsi
1576
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,LFzXHFSyJVxVEh
452
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,LNPKCpkPSzN
4456
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,MSiJmPuPMOTPyzp
4724
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,MYKrTwtTfQowf
4840
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,MfrFooxDNiYm
5036
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,NMHwOnDVE
4416
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,NbMJSnrcyInVieL
1168
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,NbibPrOUQidT
4932
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,NjxFQaFpOctyBAzDzMc
5104
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,NpXnElbkOhnEfxhNTdIMZkZRC
4304
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,OBGLqOOhnUsQKUfOgM
4528
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,OHYxBWr
4940
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,OOwPwssFsHlDiquC
1512
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\Dop.dll,OXGFEPbP
4624

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (45 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:30 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0
IsDebuggerPresent March 17, 2023, 9:31 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 17, 2023, 9:31 a.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

F543FJK2AQ

Allocates read-write-execute memory (usually to unpack itself) (50 out of 151 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 3060 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c10000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 3060 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c50000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 3060 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 3052 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 3052 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 3052 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2216 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c10000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2216 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2216 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 192 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 192 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2568 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d10000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2568 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2700 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000560000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2700 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001cb0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2700 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2632 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2632 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2964 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000002e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2964 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d90000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2180 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001da0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2180 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2104 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000002f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2104 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000330000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2104 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2752 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2752 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2752 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2824 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2824 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c30000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 3048 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 3048 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000500000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 3048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c10000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2320 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001c20000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2424 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2424 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2424 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2220 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d10000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2220 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001d50000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2220 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2356 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000004f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2023, 9:30 a.m.	process_identifier: 2356 region_size: 180224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000500000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1

Creates a suspicious process (1 event)

cmdline

C:\Windows\system32\regsvr32.exe "C:\Windows\system32\FQXtG\SnwrhOr.dll"

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (13 events)

Time & API	Arguments	Status	Return
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000014c process_name: pw.exe process_identifier: 2328	1	1
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000014c process_name: taskhost.exe process_identifier: 2372	1	1
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000014c process_name: rundll32.exe process_identifier: 3456	1	1
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000014c process_name: rundll32.exe process_identifier: 3720	1	1
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000016c process_name: rundll32.exe process_identifier: 3304	1	1
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000016c process_name: rundll32.exe process_identifier: 4104	1	1
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000016c process_name: rundll32.exe process_identifier: 4176	1	1
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000016c process_name: rundll32.exe process_identifier: 4220	1	1
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000016c process_name: rundll32.exe process_identifier: 4260	1	1
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000016c process_name: rundll32.exe process_identifier: 4368	1	1
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000016c process_name: rundll32.exe process_identifier: 4464	1	1
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000016c process_name: rundll32.exe process_identifier: 4576	1	1
Process32NextW March 17, 2023, 9:31 a.m.	snapshot_handle: 0x000000000000016c process_name: regsvr32.exe process_identifier: 4592	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0002c400', u'virtual_address': u'0x0006e000', u'entropy': 7.722320258398678, u'name': u'.rsrc', u'virtual_size': u'0x0002c2d0'}

entropy

7.7223202584

description

A section with a high entropy has been found

entropy

0.298986486486

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (2 events)

process	regsvr32.exe
process	rundll32.exe

Attempts to remove evidence of file being downloaded from the Internet (1 event)

file	C:\Windows\System32\FQXtG\SnwrhOr.dll:Zone.Identifier

File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)

Lionic	Trojan.Win32.Emotet.L!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Trojan.GenericKD.65220645
ALYac	Trojan.Agent.Emotet
Zillya	Trojan.Emotet.Win64.692
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0059e7111 )
K7GW	Trojan ( 0059e7111 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Generic.D3E33025
VirIT	Trojan.Win64.Genus.IA
Cyren	W64/ABRisk.QTBF-0283
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Generik.BYFFQYZ
Paloalto	generic.ml
Kaspersky	Trojan-Banker.Win64.Emotet.cmsh
BitDefender	Trojan.GenericKD.65220645
NANO-Antivirus	Trojan.Win64.Nekark.jurcvp
MicroWorld-eScan	Trojan.GenericKD.65220645
Avast	Win64:BotX-gen [Trj]
Tencent	Win64.Trojan-Banker.Emotet.Jkjl
Emsisoft	Trojan.GenericKD.65220645 (B)
DrWeb	Trojan.Emotet.1272
VIPRE	Trojan.GenericKD.65220645
TrendMicro	TrojanSpy.Win64.EMOTET.YXDBHZ
McAfee-GW-Edition	BehavesLike.Win64.Emotet.hh
Ikarus	Trojan.SuspectCRC
Jiangmin	Trojan.Banker.Emotet.scj
Avira	TR/AD.Nekark.feiou
Antiy-AVL	Trojan[Banker]/Win64.Emotet
Gridinsoft	Malware.Win64.Emotet.bot
Xcitium	Malware@#1lfk5el3uvx22
Microsoft	Trojan:Win64/Emotet.EB!MTB
GData	Trojan.GenericKD.65220645
Google	Detected
McAfee	RDN/PWS-Banker
MAX	malware (ai score=82)
VBA32	TrojanBanker.Emotet
TrendMicro-HouseCall	TrojanSpy.Win64.EMOTET.YXDBHZ
Rising	Trojan.Emotet!8.B95 (CLOUD)
MaxSecure	Trojan.Malware.198944709.susgen
Fortinet	W32/PossibleThreat
AVG	Win64:BotX-gen [Trj]
Panda	Trj/Chgt.AD

Dop

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All