Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 28, 2023, 8:13 a.m.	March 28, 2023, 8:15 a.m.

Size	294.8KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`63d3846c74a6583c03f0b2a1f2fbce77`
SHA256	`93488ca5fcb606d526df67c33f25b0c56dc891ed2584f0882993e53b50b4f31e`
CRC32	`881C69C0`
ssdeep	`6144:O7CCISBOzZLZ2CwvYmli3Hic9eFH6omCwrNqP9q+0oPPq8DeC0ipCrvdfJooKiYt:O7CCISBOzZLZ2CwvYmli3Hic9eFH6omg`
Yara	None matched

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\codeexe.ps1
1984

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 7660 events)

Time & API	Arguments	Status	Return
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: You cannot call a method on a null-valued expression. console_handle: 0x0000001b	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: At C:\Users\test22\AppData\Local\Temp\codeexe.ps1:1 char:301348 console_handle: 0x00000027	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: + [Byte[]]$c = [System.Convert]::FromBase64String('ByYma2xmcV5gZmltbT4hKSRidWIr console_handle: 0x00000033	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: anA+ZGJPWTYuMC0wKy0rMXNZaG9sdGJqXm9DWVFCSytxY2xwbG9gZkpZcHRsYWtmVFk3QCQlHVpaWHF console_handle: 0x0000003f	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: gYmdfbFgpaWlyayElYmhsc2tGKyYka3JPJCVhbGVxYkpxYkQrJiRwcF5paCtoXm9ediQlJGJtdlFxYk console_handle: 0x0000004b	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: QkKyZ2b15vX2ZJISUkYV5sSSQ3N1p2aV9qYnBwPitrbGZxYGJpY2JPWAc4Ji0pLSktKS0pLSktKS0pL console_handle: 0x00000057	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: SktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0p console_handle: 0x00000063	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: LSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0 console_handle: 0x0000006f	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS console_handle: 0x0000007b	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: 0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktK console_handle: 0x00000087	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: S0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSkt console_handle: 0x00000093	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: KS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSk console_handle: 0x0000009f	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: tKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLS console_handle: 0x000000ab	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: ktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pL console_handle: 0x000000b7	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: SktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0p console_handle: 0x000000c3	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: LSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0 console_handle: 0x000000cf	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS console_handle: 0x000000db	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: 0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktK console_handle: 0x000000e7	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: S0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSkt console_handle: 0x000000f3	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: KS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSk console_handle: 0x000000ff	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: tKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLS console_handle: 0x0000010b	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: ktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pL console_handle: 0x00000117	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: SktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pMzIpMTMpLSktKS0pLy4pLSkt console_handle: 0x00000123	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: KS01KS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0 console_handle: 0x0000012f	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS console_handle: 0x0000013b	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: 0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSktKS0pLSk1MSktKTMxKS0pNTEpL console_handle: 0x00000147	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: SkzMSktKTUxKS0pMzEpLSk2MSktKS0pLSktLi4pLSkuLi4pLSkyLS4pLSkyLi4pLSkxLi4pLSkuLS4p console_handle: 0x00000153	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: LSkzNSktKS8wKS0pLi8uKS0pNS0uKS0pNTYpLSk2LS4pLSkuLS4pLSkyLi4pLSkyLi4pLSkyMyktKS4 console_handle: 0x0000015f	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: pLSk1KS0pMzIpLSktKS0pNTEpLSkzMSktKTUxKS0pMzEpLSk1MSktKTMxKS0pNjEpLSktKS0pLS4uKS console_handle: 0x0000016b	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: 0pLi4uKS0pMi0uKS0pMi4uKS0pMS4uKS0pLi0uKS0pMzUpLSkzLi4pLSk2NiktKTQuLiktKS0tLiktK console_handle: 0x00000177	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: S4uLiktKTEuLiktKS01KS0pLiktKTUpLSkvMiktKS0pLSktMiktKTYxKS0pLy4uKS0pLy4uKS0pMjMp console_handle: 0x00000183	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: LSkyLi4pLSk2LS4pLSkxLi4pLSkuLi4pLSktNCktKTIuLiktKTYuLiktKS4uLiktKS0tLiktKS0uLik console_handle: 0x0000018f	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: tKTItLiktKTQ1KS0pLSktKS0pLSkuLS4pLSk2LS4pLSk0NiktKTU0KS0pMy4uKS0pNjYpLSk0Li4pLS console_handle: 0x0000019b	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: ktLS4pLSkuLi4pLSkxLi4pLSktNSktKS4pLSk1LiktKTUzKS0pLSktKTUtLiktKTUtLiktKS0tLiktK console_handle: 0x000001a7	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: TMxKS0pLTIpLSk2MSktKS8uLiktKS8uLiktKTIzKS0pMi4uKS0pNi0uKS0pMS4uKS0pLi4uKS0pLTQp console_handle: 0x000001b3	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: LSkyLi4pLSk2Li4pLSkuLi4pLSktLS4pLSktLi4pLSkyLS4pLSk0NSktKS0pLSkuLS4pLSk2LS4pLSk console_handle: 0x000001bf	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: 0NiktKS0uLiktKS4tLiktKTUtLiktKTItLiktKS00KS0pNS0uKS0pNDYpLSktLi4pLSkyLS4pLSkwLS console_handle: 0x000001cb	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: 4pLSkyLS4pLSkxLi4pLSk2NCktKS4pLSkvLyktKTE1KS0pLSktKS0pLSktKS0pLSktKTIuLiktKTQtL console_handle: 0x000001d7	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: iktKTEuLiktKTQ2KS0pNi0uKS0pLi0uKS0pLS0uKS0pNDYpLSkxLi4pLSkxNSktKTUtLiktKTQ2KS0p console_handle: 0x000001e3	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: MC0uKS0pLi0uKS0pMzQpLSkuKS0pLiktKS8xKS0pLSktKS4yKS0pLTIpLSk1MSktKS0yKS0pLzApLSk console_handle: 0x000001ef	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: vMCktKTYzLiktKS8wKS0pMy4uKS0pMS0uKS0pMC0uKS0pMi0uKS0pMS4uKS0pLi8uKS0pLy4uKS0pLi console_handle: 0x000001fb	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: 4uKS0pNDMpLSktKS0pMy4uKS0pMS0uKS0pMC0uKS0pMi0uKS0pMS4uKS0pLi8uKS0pLy4uKS0pLi4uK console_handle: 0x00000207	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: S0pNDMpLSk1LS4pLSk0NiktKTAtLiktKS4tLiktKTM0KS0pLiktKTUuKS0pLzQpLSktKS0pNS0uKS0p console_handle: 0x00000213	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: NS0uKS0pLS0uKS0pMzEpLSktMiktKTYxKS0pLy4uKS0pLy4uKS0pMjMpLSkyLi4pLSk2LS4pLSkxLi4 console_handle: 0x0000021f	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: pLSkuLi4pLSktNCktKTIuLiktKTYuLiktKS4uLiktKS0tLiktKS0uLiktKTItLiktKTQ1KS0pLSktKS console_handle: 0x0000022b	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: 4tLiktKTYtLiktKTQ2KS0pNTQpLSk1LS4pLSk0NiktKS0uLiktKTEuLiktKS4tLiktKTMuLiktKS0uL console_handle: 0x00000237	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: iktKTA0KS0pLiktKS8vKS0pMzQpLSktKS0pNTEpLSkzMSktKTUxKS0pMzEpLSk1MSktKTMxKS0pNjEp console_handle: 0x00000243	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: LSktKS0pLSktKS0uLiktKS4uLiktKTItLiktKTIuLiktKTEuLiktKS4tLiktKTM1KS0pLi0uKS0pNS0 console_handle: 0x0000024f	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: uKS0pMi0uKS0pLTQpLSkuKS0pNSktKTUxKS0pLSktKS0yKS0pNjEpLSkvLi4pLSkvLi4pLSkyMyktKT console_handle: 0x0000025b	1	1
WriteConsoleW March 28, 2023, 8:13 a.m.	buffer: IuLiktKTYtLiktKTEuLiktKS4uLiktKS00KS0pMi4uKS0pNi4uKS0pLi4uKS0pLS0uKS0pLS4uKS0pM console_handle: 0x00000267	1	1

Uses Windows APIs to generate a cryptographic key (6 events)

Time & API	Arguments	Status	Return
CryptExportKey March 28, 2023, 8:13 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003da1c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 28, 2023, 8:13 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003da1c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 28, 2023, 8:13 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003da1c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 28, 2023, 8:13 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003da1c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 28, 2023, 8:14 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003da388 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 28, 2023, 8:14 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003da388 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 28, 2023, 8:13 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (22 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0255b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0256f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02680000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02681000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 1900544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06180000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06310000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06311000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06312000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02682000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02683000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02684000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02685000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05241000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:13 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06313000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:14 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02686000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:14 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02687000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:14 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024ed000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:14 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02688000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:14 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x053d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:14 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06314000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 28, 2023, 8:14 a.m.	process_identifier: 1984 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05460000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

A potential heapspray has been detected. 96 megabytes was sprayed onto the heap of the powershell.exe process (1 event)

count

1545

name

heapspray

process

powershell.exe

total_mb

length

65536

protection

PAGE_READWRITE

codeexe.ps1

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All