Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 24, 2023, 1:22 p.m.	June 24, 2023, 1:27 p.m.

Size	1.5MB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`e66dec71ef0ffbb33127f41b8ab1fe3e`
SHA256	`240ff64b312acf203a1498a58801bf79ad99617e7dbf961c6a289531d1b7b39b`
CRC32	`2BC1CFE3`
ssdeep	`24576:7UA0Aa/NF9BpvbxxQO/Wh5ChSNF3PWjdCXpKO7Yq8EMHOS8NdOBG7QTOTzgZrkQ3:10xlbBpvHb/Wh5Xv3OjdKKOj8ErRNdu1`
Yara	IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature themida_packer - themida packer

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\s64.dll,rundll
2560
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\s64.dll,rundll
  2712
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\s64.dll,
2644

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section
section	.themida
section	.boot

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4fa49d rundll+0x3562e5 s64+0x357305 @ 0x7fef3c67305 rundll+0x3562b0 s64+0x3572d0 @ 0x7fef3c672d0 HeapWalk-0x1ce0 kernel32+0x0 @ 0x76c10000 0xef0c8 0xef0c8 0xef0c8 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefd4fa49d registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1
__exception__ June 24, 2023, 1:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 977344 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 979152 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791593388048 registers.rbp: 979176 registers.rdi: 8791589490688 registers.rax: 1994960099 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 24, 2023, 1:15 p.m.	process_identifier: 2712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e27000 process_handle: 0xffffffffffffffff	1	0	0
NtProtectVirtualMemory June 24, 2023, 1:15 p.m.	process_identifier: 2712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d80000 process_handle: 0xffffffffffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (4 events)

section

{u'size_of_data': u'0x00001200', u'virtual_address': u'0x00001000', u'entropy': 7.949196979623075, u'name': u' ', u'virtual_size': u'0x00002d9e'}

entropy

7.94919697962

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000200', u'virtual_address': u'0x00004000', u'entropy': 7.171986535062913, u'name': u' ', u'virtual_size': u'0x00000a55'}

entropy

7.17198653506

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00172a00', u'virtual_address': u'0x003bf000', u'entropy': 7.954833812603048, u'name': u'.boot', u'virtual_size': u'0x00172a00'}

entropy

7.9548338126

description

A section with a high entropy has been found

entropy

0.998657267539

description

Overall entropy of this PE file is high

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 24, 2023, 1:15 p.m.	tid: 2716 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 26 AntiVirus engines on VirusTotal as malicious (26 events)

FireEye	Generic.mg.e66dec71ef0ffbb3
McAfee	Artemis!E66DEC71EF0F
Cylance	unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/GenCBL.DTY
Cynet	Malicious (score: 100)
Kaspersky	UDS:Trojan-Proxy.Win32.Sybici
BitDefender	Trojan.GenericKD.67719773
Avast	FileRepMalware [Misc]
McAfee-GW-Edition	Artemis!Trojan
Trapmine	malicious.moderate.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Generic
Gridinsoft	Malware.Win64.Gen.bot
Microsoft	Trojan:Win32/Casdet!rfn
ZoneAlarm	UDS:Trojan-Proxy.Win32.Sybici
GData	Trojan.GenericKD.67719773
Google	Detected
TrendMicro-HouseCall	TROJ_GEN.R002H0DFN23
Rising	Downloader.IcedId!8.1132C (TFE:1:1JrcADbpoAV)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	PossibleThreat.PALLAS.H
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS

s64.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All