Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 14, 2023, 10:02 a.m.	July 14, 2023, 10:04 a.m.

Size	691.7KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`f2d7173db057e444fc9805ac4301412a`
SHA256	`aa76ab6bb79114776396d584833787a1be21d143cef1c9267376ae6acadcd8e6`
CRC32	`F26E708E`
ssdeep	`12288:J1/2FX6XzMT47kPgNpHVL7RY4y+qQJzh0Nl:gSfVLSv+rJzGl`
Yara	UPX_Zero - UPX packed file NSIS_Installer - Null Soft Installer Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

winap.exe "C:\Users\test22\AppData\Local\Temp\winap.exe"
1156

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 14, 2023, 10:02 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 3b 2b e1 16 37 5e 9e ef 6d 52 70 db 63 7a c7 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3445dd1 registers.esp: 1629944 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 1f 3a fe fa ff fe c9 e5 a7 51 85 87 a6 63 c1 exception.instruction: mov dword ptr [edi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x3445dff registers.esp: 1629940 registers.edi: 25024 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 06 22 9a ac 03 3a 91 00 5e 81 34 24 97 3d 73 exception.instruction: mov dword ptr [esi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x3445e2e registers.esp: 1629936 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 8539 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 2f b6 5b 81 34 24 1e 52 ab 3b 51 b9 c6 eb 0e exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3445e3f registers.esp: 1629940 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 75 03 2d 32 6d 00 84 c0 5a f7 c2 a1 98 5a 7c 59 exception.instruction: jne 0x3445e77 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x3445e72 registers.esp: 1629932 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 1629928 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 7f 05 25 67 46 9f 30 ff 43 f7 06 6a 20 00 f6 c5 exception.instruction: jg 0x3445eb2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x3445eab registers.esp: 1629932 registers.edi: 1629928 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 256 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 27 b6 16 fc 6a 22 2b 95 a8 36 eb ff 74 24 04 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x345fb93 registers.esp: 1629936 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 27 1c 3a 7e 91 02 57 6d 02 1a 13 60 cc 27 91 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x345fba9 registers.esp: 1629936 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 27 91 4d 34 6b 39 93 b4 81 6e 4a 57 bf 9e 8c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x345fbb6 registers.esp: 1629904 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 1f 21 a1 95 b3 a3 e3 ad 00 5f 89 9d 8b 01 00 exception.instruction: mov dword ptr [edi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345fbda registers.esp: 1629900 registers.edi: 52074 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 07 3c c8 8c b6 c4 40 31 df 93 4d c5 43 97 7c exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345fc09 registers.esp: 1629900 registers.edi: 33255 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 3e 23 2f 3c a1 5f 00 5e 81 f3 da 97 c1 16 57 exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345fc38 registers.esp: 1629900 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 3951962574 registers.esi: 39794 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 37 27 07 9e 36 d8 7a 49 b1 e0 00 5f 81 f3 f2 exception.instruction: mov dword ptr [edi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345fc65 registers.esp: 1629900 registers.edi: 3122 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 4249861652 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 75 0e 3d 0f be 09 df ca fe 52 05 00 eb 82 cd a6 exception.instruction: jne 0x345fca9 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x345fc99 registers.esp: 1629896 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 1629892 registers.esi: 2005865610 registers.ecx: 256	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 39 98 2c a2 32 51 30 e2 32 c5 c2 f2 47 10 76 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x345fcb6 registers.esp: 1629904 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 1763815398 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 76 02 2d 73 b3 00 84 c2 5a f6 c5 e4 5e 53 8b 9d exception.instruction: jbe 0x345fcf3 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x345fcef registers.esp: 1629896 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 1629892 registers.ebx: 108 registers.esi: 256 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 13 21 f0 2b 85 a7 69 a2 00 5b 51 b9 74 0f 71 exception.instruction: mov dword ptr [ebx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345fd1b registers.esp: 1629896 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 11922 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 7e 06 22 0e 43 c2 22 d2 00 66 39 d3 5e 38 fc 59 exception.instruction: jle 0x345fd4f exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x345fd47 registers.esp: 1629892 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 1629888 registers.ecx: 256	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 23 f7 3a 9b 1a 59 c9 57 bf 77 d0 9d 45 81 f7 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x345fd62 registers.esp: 1629900 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 3358645988 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 7f 0d 3b e4 53 44 cb 78 21 4e 1e 9a e0 19 40 00 exception.instruction: jg 0x345fd9a exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x345fd8b registers.esp: 1629892 registers.edi: 256 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 1629888 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 0a 3e e7 bc 20 48 8a c8 f7 0e ef d0 5a 0d 18 exception.instruction: mov dword ptr [edx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345fdc9 registers.esp: 1629896 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 2823 registers.ebx: 2750027146 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 16 2d 5d 9e 00 5e 81 eb 26 15 7e a3 56 be 43 exception.instruction: mov dword ptr [esi], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345fdfd registers.esp: 1629896 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 2750027146 registers.esi: 52752 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 3e 2d 49 12 00 5e 53 50 b8 a2 1c 3b 25 05 fd exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345fe28 registers.esp: 1629896 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 7077988 registers.esi: 24771 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 72 0b 25 a1 4e b3 37 51 86 83 28 82 fa 00 66 f7 exception.instruction: jb 0x345fe5b exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x345fe4e registers.esp: 1629888 registers.edi: 213348 registers.eax: 256 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 1629884 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 3f 22 ea 08 63 72 2a 00 5f 05 1b b6 b5 03 35 exception.instruction: mov dword ptr [edi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345fe88 registers.esp: 1629892 registers.edi: 40250 registers.eax: 1708377247 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 76 04 2c 3a 8f 79 00 39 c8 5e 39 c1 58 05 d7 52 exception.instruction: jbe 0x345fec0 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x345feba registers.esp: 1629888 registers.edi: 213348 registers.eax: 256 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 1629884 registers.ecx: 54812047	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 09 3a 89 1c f8 b5 55 5c d1 81 7b e6 b2 c4 14 exception.instruction: mov dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345fee5 registers.esp: 1629888 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 13955	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 11 22 3f 00 c1 f4 ad 00 59 89 e1 ba 83 85 c3 exception.instruction: mov dword ptr [ecx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345ff0f registers.esp: 1629888 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 54808576 registers.ebx: 54808576 registers.esi: 2005865610 registers.ecx: 15015	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 0e 3b 2d dc e8 d0 1f 87 b7 44 69 87 4d 61 00 exception.instruction: mov dword ptr [esi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345ff32 registers.esp: 1629888 registers.edi: 213348 registers.eax: 9414888 registers.ebp: 1629944 registers.edx: 3368256899 registers.ebx: 54808576 registers.esi: 64198 registers.ecx: 1629892	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 33 38 87 52 89 da 6d 7c 49 cd bf 1c 9b 16 d2 exception.instruction: mov dword ptr [ebx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x345ff66 registers.esp: 1629888 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 15760 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 72 13 3c 9f 87 21 72 f4 21 e2 8e 0d 73 65 a1 cc exception.instruction: jb 0x345ffbc exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x345ffa7 registers.esp: 1629884 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 1788110678 registers.ebx: 326559893 registers.esi: 1629880 registers.ecx: 256	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 2e 75 78 5a 81 f2 80 c0 6a 82 cc 3e e8 ac a5 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x345ffcb registers.esp: 1629892 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2891073122 registers.ebx: 326559893 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 3e e8 ac a5 a5 8e 65 8f 7e e8 d7 13 4b 1a 2c exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x345ffd6 registers.esp: 1629892 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 775456482 registers.ebx: 326559893 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 7e 06 25 90 fa 99 47 c8 3b 60 a7 3e 9b 00 84 c0 exception.instruction: jle 0x346001a exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x3460012 registers.esp: 1629884 registers.edi: 1629880 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 12 registers.ebx: 256 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 38 5f d6 8a 0e 11 4f 49 7c 72 38 5d ed 84 de exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x346002f registers.esp: 1629904 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 326559893 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 1e 25 bc 33 52 e6 87 ee 18 17 fd c6 00 5e 68 exception.instruction: mov dword ptr [esi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x346005a registers.esp: 1629900 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 326559893 registers.esi: 26658 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 3f 25 d8 70 df c9 b1 d3 34 07 9d 2e 00 5f 81 exception.instruction: mov dword ptr [edi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x3460080 registers.esp: 1629896 registers.edi: 34202 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 326559893 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 22 9c 12 e9 20 b3 11 aa 81 04 24 82 85 93 d4 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3460096 registers.esp: 1629900 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 326559893 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 26 25 13 fd 35 3b 3a f5 46 17 46 01 81 04 24 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x34600a6 registers.esp: 1629900 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 326559893 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 11 20 3b 04 70 27 33 9f 5e 00 59 68 bb 86 cd exception.instruction: mov dword ptr [ecx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x34600cc registers.esp: 1629896 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 326559893 registers.esi: 2005865610 registers.ecx: 2756	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 2d f2 26 50 ed 81 2c 24 5f 55 4c 58 81 2c 24 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x34600e4 registers.esp: 1629896 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 326559893 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 24 34 7c 3b 10 42 89 84 c8 7e 19 10 be 5c cc exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x34600f8 registers.esp: 1629896 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 326559893 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 2c 36 be 12 f7 c3 89 eb 81 c3 19 1d ed 00 81 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x3460107 registers.esp: 1629896 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 326559893 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 26 d6 39 0f 88 e3 a4 77 ed e6 20 be 89 95 0e exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x346011c registers.esp: 1629896 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 1630268 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 74 0a 3c e9 a9 9a b2 4f 31 f0 ff 63 59 c7 19 a3 exception.instruction: je 0x3460165 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x3460159 registers.esp: 1629884 registers.edi: 256 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 1630268 registers.ebx: 1630268 registers.esi: 2005865610 registers.ecx: 1629880	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 37 26 45 b3 b7 0c c8 51 ad 68 6e 00 5f 57 bf exception.instruction: mov dword ptr [edi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x3460197 registers.esp: 1629888 registers.edi: 25066 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 1630268 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 7b 06 20 d9 26 bf de 87 67 5b 00 84 ed 58 66 85 exception.instruction: jnp 0x34601ce exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x34601c6 registers.esp: 1629884 registers.edi: 256 registers.eax: 1629880 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 1630268 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 89 37 2d 25 54 00 5f 81 34 24 c3 5a 1a 51 56 be exception.instruction: mov dword ptr [edi], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x34601ef registers.esp: 1629884 registers.edi: 38544 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 1630268 registers.esi: 2005865610 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: 74 09 3e fe d6 52 a9 f2 56 c9 9d 25 e6 f0 ac 5e exception.instruction: je 0x346022a exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x346021f registers.esp: 1629880 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 1629876 registers.esi: 256 registers.ecx: 182	1
__exception__ July 14, 2023, 10:02 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a exception.instruction_r: cc 2f 6b de 81 34 24 02 c1 ee 23 57 bf ff b8 cd exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x346023b registers.esp: 1629888 registers.edi: 213348 registers.eax: 2005662384 registers.ebp: 1629944 registers.edx: 2005623258 registers.ebx: 1630268 registers.esi: 2005865610 registers.ecx: 182	1

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 14, 2023, 10:02 a.m.	process_identifier: 1156 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 14, 2023, 10:02 a.m.	process_identifier: 1156 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10004000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 14, 2023, 10:02 a.m.	process_identifier: 1156 region_size: 35241984 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02890000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsmCBF7.tmp\System.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsmCBF7.tmp\System.dll

File has been identified by 9 AntiVirus engines on VirusTotal as malicious (9 events)

Bkav	W32.AIDetectMalware
McAfee	Artemis!F2D7173DB057
Elastic	malicious (high confidence)
Kaspersky	HEUR:Trojan.Win32.Makoob.gen
McAfee-GW-Edition	Artemis
Sophos	Mal/Generic-S
Microsoft	Trojan:Win32/Randet.A!plock
ZoneAlarm	HEUR:Trojan.Win32.Makoob.gen
Cynet	Malicious (score: 99)

Queries for potentially installed applications (3 events)

Time & API	Arguments	Return
RegOpenKeyExW July 14, 2023, 10:02 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Flapdragon\Drivaksen\Tillokkelses base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Flapdragon\Drivaksen\Tillokkelses	2
RegOpenKeyExW July 14, 2023, 10:02 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Flapdragon\Drivaksen\Tillokkelses base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Flapdragon\Drivaksen\Tillokkelses	2
RegOpenKeyExW July 14, 2023, 10:02 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Flapdragon\Drivaksen\Tillokkelses base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Flapdragon\Drivaksen\Tillokkelses	2

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ July 14, 2023, 10:03 a.m.	tid: 1872 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

winap.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All