Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 30, 2023, 9:26 a.m.	June 30, 2023, 9:28 a.m.

Size	3.7MB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`0168ca4a89a13c8b48f97edcd8c32165`
SHA256	`10f2b39f63da35827e667f29e2b69524079e06e454160dee4c28636fffcce199`
CRC32	`7C213007`
ssdeep	`49152:jjjH4ZOXhVNeJBCDRTJ+j6ErUCBOU9EUSqVLsGC8egyQVTlFvqCBfZKQO9NPe5Ie:l8BcNYjnJLnC8egyQVPNZwL`
Yara	IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\new64.dll,rundll
2564
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\new64.dll,rundll
  2708
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\new64.dll,
2648

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section
section	.themida

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4fa49d rundll+0x31d3d8 new64+0x31e3f8 @ 0x7fef3f0e3f8 rundll+0x3476fc new64+0x34871c @ 0x7fef3f3871c HeapWalk-0x1ce0 kernel32+0x0 @ 0x76c10000 0xcf278 0xcf278 0xcf278 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefd4fa49d registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1
__exception__ June 30, 2023, 9:19 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 2 registers.r15: 0 registers.rcx: 846704 registers.rsi: 1994472144 registers.r10: 0 registers.rbx: 0 registers.rsp: 848512 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 8791592751179 registers.rbp: 848536 registers.rdi: 8791592513536 registers.rax: 1995091014 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 30, 2023, 9:19 a.m.	process_identifier: 2708 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e27000 process_handle: 0xffffffffffffffff	1	0	0
NtProtectVirtualMemory June 30, 2023, 9:19 a.m.	process_identifier: 2708 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076d80000 process_handle: 0xffffffffffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (4 events)

section

{u'size_of_data': u'0x00001400', u'virtual_address': u'0x00001000', u'entropy': 7.841211384653443, u'name': u' ', u'virtual_size': u'0x00002d9e'}

entropy

7.84121138465

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000200', u'virtual_address': u'0x00004000', u'entropy': 7.4747503118926755, u'name': u' ', u'virtual_size': u'0x00000a55'}

entropy

7.47475031189

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000200', u'virtual_address': u'0x00005000', u'entropy': 7.149303174817114, u'name': u' ', u'virtual_size': u'0x00000253'}

entropy

7.14930317482

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00000800', u'virtual_address': u'0x00007000', u'entropy': 7.075554433841137, u'name': u' ', u'virtual_size': u'0x00001c80'}

entropy

7.07555443384

description

A section with a high entropy has been found

File has been identified by 12 AntiVirus engines on VirusTotal as malicious (12 events)

Elastic	malicious (high confidence)
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
Cynet	Malicious (score: 100)
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	FileRepMalware [Trj]
McAfee-GW-Edition	Artemis!Trojan
Trapmine	malicious.moderate.ml.score
Microsoft	Trojan:Win32/Casdet!rfn
ZoneAlarm	UDS:DangerousObject.Multi.Generic
McAfee	Artemis!0168CA4A89A1
AVG	FileRepMalware [Trj]

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ June 30, 2023, 9:19 a.m.	tid: 2712 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

new64.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All