Summary | ZeroBOX

hkcmd.exe

UPX, Malicious Library, PNG Format, PE File, DLL, PE32
Category FILE
Machine s1_win7_x6403_us
Started June 8, 2023, 5:31 p.m.
Completed June 8, 2023, 5:52 p.m.
Size 371.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 bb82589608f2312e9bf9d0c63c8a3d68
SHA256 3682f76c6feec004f58d0b9c732b45215375d45f250bdac03fb3694097710c3f
CRC32 A6630D70
ssdeep 6144:A6dANzV+OT7ck3Ke1/Lhw5ewNi4F/oJrcy+ShsV6+gn:iP+OTQkFLhaez4FSVsVI
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1000
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x741c4000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1000
region_size: 52555776
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03260000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nspBDFC.tmp\System.dll
Time & API Arguments Status Return Repeated

__anomaly__

tid: 840
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Minix.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Generic.33895215
McAfee Artemis!BB82589608F2
Malwarebytes Trojan.GuLoader
VIPRE Trojan.Generic.33895215
Sangfor Trojan.NSIS.Agent.V8ej
Alibaba TrojanDownloader:Win32/Minix.587591d7
CrowdStrike win/malicious_confidence_70% (W)
Arcabit Trojan.Generic.D205332F
Symantec ML.Attribute.HighConfidence
ESET-NOD32 NSIS/Injector.ASH
APEX Malicious
Kaspersky HEUR:Trojan.NSIS.Makoob.gen
BitDefender Trojan.Generic.33895215
Avast NSIS:DropperX-gen [Drp]
Tencent Win32.Trojan.FalseSign.Edhl
Emsisoft Trojan.Generic.33895215 (B)
McAfee-GW-Edition Artemis!Trojan
FireEye Trojan.Generic.33895215
Sophos Mal/Generic-S
MAX malware (ai score=85)
Gridinsoft Trojan.Win32.FormBook.bot
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm HEUR:Trojan.NSIS.Makoob.gen
GData Trojan.Generic.33895215
Google Detected
ALYac Trojan.Generic.33895215
Cylance unsafe
TrendMicro-HouseCall TROJ_GEN.R002H0CF823
Ikarus Trojan.NSIS.Agent
Fortinet W32/ASH!tr
AVG NSIS:DropperX-gen [Drp]
DeepInstinct MALICIOUS