Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 27, 2023, 7:48 p.m.	June 27, 2023, 7:50 p.m.

Size	505.6KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`5e6ffe8f38644e73dbf42cfc39300028`
SHA256	`2f389821c080d021c280aa929e9c2f8ddaea741ffecf602cd050ffa4341eb511`
CRC32	`1AD705A1`
ssdeep	`12288:9FKBG73lOUG2H7zS8zjDMmyKIVhjIQq4ra7XT:BrlMa7zbzPMCIcB4KD`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library NSIS_Installer - Null Soft Installer IsPE32 - (no description) PE_Header_Zero - PE File Signature

ip_network.exe "C:\Users\test22\AppData\Local\Temp\ip_network.exe"
2560

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 27, 2023, 7:48 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 74 08 fa 6b 77 0a 9f 5a bd 57 00 38 c1 58 66 39 exception.instruction: je 0x5b8bce0 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b8bcd6 registers.esp: 58520168 registers.edi: 126020 registers.eax: 58520164 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 95989760 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 77 0d e7 06 e5 9b 7e 89 48 16 6b 99 e5 a2 3f d1 exception.instruction: ja 0x5b8bd1e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b8bd0f registers.esp: 58520164 registers.edi: 126020 registers.eax: 58520160 registers.ebp: 58520176 registers.edx: 256 registers.ebx: 95989760 registers.esi: 1995838602 registers.ecx: 95992973	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc f9 23 b9 2c eb 95 1b e8 d1 c2 00 00 57 bf 0c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5b8bd39 registers.esp: 58520172 registers.edi: 126020 registers.eax: 6906480 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 95989760 registers.esi: 1995838602 registers.ecx: 95992973	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 71 03 fb f3 13 a4 66 45 fb 00 66 39 d8 59 39 c3 exception.instruction: jno 0x5b98048 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b98043 registers.esp: 58520128 registers.edi: 126020 registers.eax: 6906480 registers.ebp: 58520176 registers.edx: 256 registers.ebx: 95989760 registers.esi: 1995838602 registers.ecx: 58520124	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 73 02 ff 82 89 8f 67 b1 fc 99 a9 ce ef 00 f6 c4 exception.instruction: jae 0x5b9807f exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b9807b registers.esp: 58520128 registers.edi: 126020 registers.eax: 6906480 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 58520124 registers.esi: 2358158375 registers.ecx: 256	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 0a e1 6c d3 ba fd 57 62 73 cf 33 bb 85 79 00 exception.instruction: mov dword ptr [edx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b980ba registers.esp: 58520132 registers.edi: 126020 registers.eax: 6906480 registers.ebp: 58520176 registers.edx: 375 registers.ebx: 95989760 registers.esi: 108 registers.ecx: 95992973	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e4 c9 9b a4 36 d0 44 23 b6 cb 62 26 02 e7 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b98114 registers.esp: 58520124 registers.edi: 126020 registers.eax: 6906480 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 20713 registers.esi: 1995838602 registers.ecx: 95992973	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 78 04 f6 8a 31 2c 00 81 7d 74 43 9a 00 00 0f 84 exception.instruction: js 0x5b9815d exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b98157 registers.esp: 58520116 registers.edi: 256 registers.eax: 6906480 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 95989760 registers.esi: 58520112 registers.ecx: 95992973	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 33 ff fd 94 2d b6 0f 3b 54 ef 70 27 00 5b 89 exception.instruction: mov dword ptr [ebx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b981a7 registers.esp: 58520120 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 28598 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7f 05 e6 8b b6 60 92 05 19 a2 ff 94 9b 3b 97 d9 exception.instruction: jg 0x5b981ef exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b981e8 registers.esp: 58520116 registers.edi: 58520112 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 256 registers.ebx: 1013523989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 79 03 fa b4 0f d3 99 a3 d6 66 00 85 c3 5a 66 85 exception.instruction: jns 0x5b98234 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b9822f registers.esp: 58520128 registers.edi: 126020 registers.eax: 256 registers.ebp: 58520176 registers.edx: 58520124 registers.ebx: 1013523989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 09 f8 ab 77 af 54 e3 00 59 bf 47 83 23 dd 81 exception.instruction: mov dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b98259 registers.esp: 58520132 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 1013523989 registers.esi: 1995838602 registers.ecx: 12668	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 76 0e e3 4e af 46 b5 24 50 f5 cc 14 77 fc bb bf exception.instruction: jbe 0x5b982c5 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b982b5 registers.esp: 58520120 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 256 registers.esi: 58520116 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc f4 ae a6 4f 89 eb c7 85 4b 02 00 00 fb 51 05 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5b982e5 registers.esp: 58520128 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 1013523989 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 77 0e e2 a6 96 eb b3 42 60 50 65 09 f2 f9 5b ca exception.instruction: ja 0x5b98356 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b98346 registers.esp: 58520120 registers.edi: 256 registers.eax: 58520116 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 58520500 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 31 f7 20 52 00 59 89 8d 7f 02 00 00 89 d9 51 exception.instruction: mov dword ptr [ecx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b98378 registers.esp: 58520124 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 58520500 registers.esi: 1995838602 registers.ecx: 37590	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc fe 29 31 71 6d 2a 47 47 94 f9 b0 5e cb 80 53 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5b98393 registers.esp: 58520120 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 58520500 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7a 05 f8 83 14 95 ea 54 00 84 fd 5e 38 d0 5b 81 exception.instruction: jp 0x5b983c5 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b983be registers.esp: 58520112 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 256 registers.esi: 58520108 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 79 03 f8 6a a1 76 79 60 00 66 39 d1 58 66 85 d0 exception.instruction: jns 0x5b98426 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b98421 registers.esp: 58520112 registers.edi: 126020 registers.eax: 58520108 registers.ebp: 58520176 registers.edx: 256 registers.ebx: 58520500 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc f8 97 6d 25 54 4b 40 68 43 ff 8d c1 01 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5b98464 registers.esp: 58520120 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 58520500 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc f8 97 6d 25 54 4b 40 68 43 ff 8d c1 01 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5b98464 registers.esp: 58520120 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 58520501 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc f8 97 6d 25 54 4b 40 68 43 ff 8d c1 01 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5b98464 registers.esp: 58520120 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 58520502 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc f4 5e dd 77 43 89 bd 16 02 00 00 89 df 57 8b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5b98476 registers.esp: 58520120 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 58520503 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 78 03 f7 25 7b 00 66 81 fa 44 70 5e 3c c2 5f 89 exception.instruction: js 0x5b984b1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b984ac registers.esp: 58520108 registers.edi: 256 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 58520504 registers.esi: 58520104 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc fd a2 ea a8 10 e4 01 1a 50 ed ad 81 f6 00 1f exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5b984d2 registers.esp: 58520116 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 58520504 registers.esi: 4226555565 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc f8 d1 96 b5 c5 c7 ad b9 56 53 bb 14 77 9b 73 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5b984ea registers.esp: 58520116 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 58520504 registers.esi: 4294967295 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 33 f7 2d 76 00 5b 8b b5 42 02 00 00 50 cc e0 exception.instruction: mov dword ptr [ebx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b98512 registers.esp: 58520108 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 11897 registers.esi: 4294967295 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc e0 d7 da 8d 49 d4 12 e9 a0 9f 52 be 76 0d 8c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x5b98520 registers.esp: 58520108 registers.edi: 126020 registers.eax: 1995635376 registers.ebp: 58520176 registers.edx: 1995596250 registers.ebx: 58520504 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 75 02 e3 c5 32 1d 1d 37 ba b8 8b 11 06 34 8f cd exception.instruction: jne 0x5b98561 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b9855d registers.esp: 58520128 registers.edi: 126020 registers.eax: 0 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 95989760 registers.esi: 256 registers.ecx: 58520124	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 05 fa 87 4f 25 bc 80 91 5e 00 38 ee 59 66 f7 exception.instruction: jl 0x5b985a3 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b9859c registers.esp: 58520128 registers.edi: 126020 registers.eax: 256 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 95989760 registers.esi: 1995838602 registers.ecx: 58520124	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1e e1 56 37 3e e3 f6 37 d7 a6 7b e1 f3 91 00 exception.instruction: mov dword ptr [esi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b985e5 registers.esp: 58520164 registers.edi: 126020 registers.eax: 2370428158 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 95989760 registers.esi: 30766 registers.ecx: 95992973	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7e 09 e1 aa f8 df 8f 2d 8b 12 1c 30 1b 97 64 00 exception.instruction: jle 0x5b98633 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x5b98628 registers.esp: 58520160 registers.edi: 58520156 registers.eax: 0 registers.ebp: 58520176 registers.edx: 256 registers.ebx: 95989760 registers.esi: 1995838602 registers.ecx: 95992973	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 36 ff 68 c0 4f db b4 58 3b 99 d8 52 00 5e 52 exception.instruction: mov dword ptr [esi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b9865a registers.esp: 58520160 registers.edi: 126020 registers.eax: 0 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 95989760 registers.esi: 21579 registers.ecx: 95992973	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 12 e6 6f 0f 03 f6 22 53 74 f0 71 ee 85 da 23 exception.instruction: mov dword ptr [edx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b98687 registers.esp: 58520160 registers.edi: 126020 registers.eax: 0 registers.ebp: 58520176 registers.edx: 17396 registers.ebx: 95989760 registers.esi: 1995838602 registers.ecx: 95992973	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 4 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763588	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 8 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763592	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 12 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763596	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 16 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763600	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 20 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763604	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 24 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763608	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 28 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763612	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 32 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763616	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 36 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763620	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 40 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763624	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 44 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763628	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 48 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763632	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 52 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763636	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 56 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763640	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 60 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763644	1
__exception__ June 27, 2023, 7:48 p.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 1b e3 77 37 81 48 87 04 1d 72 46 6d 6e 5d 41 exception.instruction: mov dword ptr [ebx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5b986fd registers.esp: 58520160 registers.edi: 126020 registers.eax: 64 registers.ebp: 58520176 registers.edx: 95989760 registers.ebx: 4638 registers.esi: 1995838602 registers.ecx: 125763648	1

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 27, 2023, 7:48 p.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73272000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 27, 2023, 7:48 p.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 27, 2023, 7:48 p.m.	process_identifier: 2560 region_size: 66760704 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03840000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsyB85.tmp\System.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsyB85.tmp\System.dll

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00044a00', u'virtual_address': u'0x0005e000', u'entropy': 6.800710339910504, u'name': u'.rsrc', u'virtual_size': u'0x000449d0'}

entropy

6.80071033991

description

A section with a high entropy has been found

entropy

0.8955954323

description

Overall entropy of this PE file is high

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 27, 2023, 7:49 p.m.	tid: 2652 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
FireEye	Generic.mg.5e6ffe8f38644e73
Sangfor	Trojan.Win32.Agent.Vxqn
CrowdStrike	win/malicious_confidence_70% (D)
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	FileRepMalware [Misc]
Rising	Trojan.Injector/NSIS!1.E690 (CLASSIC)
TrendMicro	Trojan.Win32.GULOADER.YXDF1Z
McAfee-GW-Edition	BehavesLike.Win32.GuLoader.hc
Webroot	W32.Malware.Gen
Microsoft	Trojan:Win32/Casdet!rfn
ZoneAlarm	UDS:DangerousObject.Multi.Generic
Google	Detected
McAfee	Artemis!5E6FFE8F3864
TrendMicro-HouseCall	Trojan.Win32.GULOADER.YXDF1Z
Ikarus	Trojan.NSIS.Agent
AVG	FileRepMalware [Misc]
Cybereason	malicious.9c90e7
DeepInstinct	MALICIOUS

ip_network.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All