Summary | ZeroBOX

winap.exe

Tags: NSIS, UPX, Malicious Library, PE File, DLL, PE32
Category FILE
Machine s1_win7_x6403_us
Started July 14, 2023, 10:02 a.m.
Completed July 14, 2023, 10:06 a.m.
Size 697.3KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 cc91f7eb62a5019c1d0d5e718f68e555
SHA256 ec8b3de1457da737eb314ce05352d79a445db7bf97ab49d4ebdc5acc8c189fad
CRC32 CDC82D22
ssdeep 6144:mQ606xBwuSRDF2FXbmXzMT4teeBWHYpePla7v/zaKHXsSESoUxmwCgCLAFs+DYJw:J1/2FX6XzMT47kPg7HJxx5xFsKK+p
Yara
  • UPX_Zero - UPX packed file
  • NSIS_Installer - Null Soft Installer
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

DNS (Name | Response | Post-Analysis Lookup): No hosts contacted.
IP (IP Address | Status | Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API | Arguments | Status | Return | Repeated

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 7a 0b d5 3e ed 6f 59 5c c6 6b 91 05 50 00 84 db
exception.instruction: jp 0x3075d0c
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3075cff
registers.esp: 1629936
registers.edi: 256
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 50810880
registers.esi: 1629932
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc d3 98 e7 20 87 c6 f5 68 9e 5b 78 39 81 2c 24
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3075d13
registers.esp: 1629944
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 32 cf 69 5a 6c 42 6d ef 15 ba 9b 8d e4 91 48
exception.instruction: mov dword ptr [edx], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3075d45
registers.esp: 1629936
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 9056
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc d2 a0 af 6b 4a 4d 14 8e 81 34 24 38 2d c6 b4
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3075d61
registers.esp: 1629940
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 3b dc e6 aa 2c 00 5b 53 bb bb 7e cb 48 81 c3
exception.instruction: mov dword ptr [ebx], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3075d83
registers.esp: 1629936
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 7311
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 13 cf 10 f1 31 b5 3b f2 9d 57 76 e5 41 7e a9
exception.instruction: mov dword ptr [ebx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3075da3
registers.esp: 1629936
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 9767
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc dd 4a e3 c4 b1 8f 85 44 01 00 00 60 53 bb 8a
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x30900b3
registers.esp: 1629932
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 0b d2 b6 2f c9 8b 56 00 5b 89 95 98 01 00 00
exception.instruction: mov dword ptr [ebx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x30900d8
registers.esp: 1629900
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 2387
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 7e 02 d3 05 9c a0 2f 00 80 fd 62 5e 66 85 d9 5b
exception.instruction: jle 0x3090113
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x309010f
registers.esp: 1629896
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 256
registers.esi: 1629892
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 73 0c c9 52 38 19 03 fa e8 2f 2b 37 d6 d4 a6 20
exception.instruction: jae 0x309014d
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x309013f
registers.esp: 1629896
registers.edi: 256
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 3256873069
registers.ebx: 50810880
registers.esi: 1629892
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 3a cc e3 ab f0 3e 45 0d 65 31 e7 c0 18 b6 1c
exception.instruction: mov dword ptr [edx], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3090175
registers.esp: 1629900
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 29510
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc c8 e0 30 d1 60 c8 17 bb 80 1e b0 4f 7a 41 f1
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x309018d
registers.esp: 1629904
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 4116175168
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc d7 b3 d1 fb ad b7 ee 7f 8f e2 d6 81 c2 1d a8
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x30901a6
registers.esp: 1629904
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 1791514703
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc dc b8 a2 fb 38 89 52 8b 95 98 01 00 00 cc ce
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x30901b8
registers.esp: 1629904
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 108
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc ce 9d 6d 2c 0d 65 3f 40 78 6a 81 79 73 14 65
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x30901c6
registers.esp: 1629900
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 30 cb 0d bd a9 d3 1e 5f a1 4a c0 ee 16 90 00
exception.instruction: mov dword ptr [eax], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x30901f5
registers.esp: 1629892
registers.edi: 219068
registers.eax: 5573
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 03 d0 66 34 c1 f7 03 0b b9 00 5b 81 34 24 77
exception.instruction: mov dword ptr [ebx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x309022c
registers.esp: 1629892
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 3965
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 1e d6 f6 73 53 d9 b6 d1 05 f3 2b 00 5e 53 bb
exception.instruction: mov dword ptr [esi], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3090251
registers.esp: 1629892
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 50810880
registers.esi: 39800
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 1b d6 8f e0 48 4a c6 64 01 b5 93 00 5b 51 b9
exception.instruction: mov dword ptr [ebx], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x309027d
registers.esp: 1629892
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 64060
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 75 02 d6 4c 0b 82 d3 2d 4a 33 ef 84 00 38 e6 5b
exception.instruction: jne 0x30902ab
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x30902a7
registers.esp: 1629888
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 1629884
registers.esi: 2005865610
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 00 c9 39 7f bf 1f b7 ac e0 2a 8a e4 92 5f 33
exception.instruction: mov dword ptr [eax], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x30902df
registers.esp: 1629892
registers.edi: 219068
registers.eax: 47787
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 50810880
registers.esi: 681068477
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc d5 0f 28 f0 57 83 40 dc dd 7c 8c 51 4a 81 ee
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x30902f8
registers.esp: 1629896
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 50810880
registers.esi: 706857523
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 7a 07 c9 a7 6f 9b 65 93 d5 ea 84 af f2 ac 01 cb
exception.instruction: jp 0x3090342
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3090339
registers.esp: 1629888
registers.edi: 1629884
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 256
registers.ebx: 50810880
registers.esi: 7602286
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 1a d4 cb ab 21 fe 04 f6 e0 6a b9 0c 79 00 5a
exception.instruction: mov dword ptr [edx], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x309036d
registers.esp: 1629888
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 44685
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 37 d5 f0 50 0d 58 95 e2 3b fb 94 18 00 5f 53
exception.instruction: mov dword ptr [edi], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x309039b
registers.esp: 1629888
registers.edi: 16919
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 03 ca 8a e5 1a d2 d4 3a 27 0e ac 37 d9 bd aa
exception.instruction: mov dword ptr [ebx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x30903c8
registers.esp: 1629888
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 21439
registers.esi: 2005865610
registers.ecx: 50814118
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 79 03 d1 d6 bf 97 33 28 ea 00 39 d0 58 81 7d 70
exception.instruction: jns 0x3090402
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x30903fd
registers.esp: 1629884
registers.edi: 219068
registers.eax: 1629880
registers.ebp: 1629944
registers.edx: 256
registers.ebx: 50810880
registers.esi: 2005865610
registers.ecx: 1629892
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 0b d1 74 85 f4 c1 c1 eb 00 5b ba 30 a6 46 ab
exception.instruction: mov dword ptr [ebx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3090436
registers.esp: 1629888
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 50810880
registers.ebx: 19870
registers.esi: 2005865610
registers.ecx: 1629892
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 0e d5 b8 d8 82 bb 8c ef 2c 1f b9 fa 00 5e e8
exception.instruction: mov dword ptr [esi], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3090458
registers.esp: 1629888
registers.edi: 219068
registers.eax: 9654768
registers.ebp: 1629944
registers.edx: 2873534000
registers.ebx: 50810880
registers.esi: 21443
registers.ecx: 1629892
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc dc f7 33 26 3d b6 89 bd 71 02 00 00 bf 6a bc
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x309046c
registers.esp: 1629892
registers.edi: 219068
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc cb f5 e2 88 6c 15 e4 c0 b0 b3 bb 9b 6e 18 7b
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x309047e
registers.esp: 1629892
registers.edi: 4019108970
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 03 d7 ae 16 87 de 14 df 73 e6 00 5b 81 f7 04
exception.instruction: mov dword ptr [ebx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x30904ac
registers.esp: 1629888
registers.edi: 4019108970
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 57613
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc d0 ee 2a 8a 1c 9a 34 9b ec 6f 81 ef 6a 3b 96
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x30904bf
registers.esp: 1629892
registers.edi: 1735843950
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 06 d2 d5 13 c7 e9 8d 00 5e 81 f7 08 a5 e0 1f
exception.instruction: mov dword ptr [esi], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x30904e8
registers.esp: 1629888
registers.edi: 534816004
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 31173
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 02 ce 43 84 a7 b0 55 16 bd eb e1 94 c8 83 db
exception.instruction: mov dword ptr [edx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3090510
registers.esp: 1629888
registers.edi: 12
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 25392
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 07 cb 2a a3 32 8e a4 f0 c6 23 6e 76 32 04 00
exception.instruction: mov dword ptr [edi], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x309054c
registers.esp: 1629900
registers.edi: 33610
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 74 0c ce ca b2 c1 b8 db ea 83 e3 13 22 3b cf fd
exception.instruction: je 0x309058c
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x309057e
registers.esp: 1629896
registers.edi: 219068
registers.eax: 1629892
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 256
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 7f 06 d4 7d 18 30 16 08 69 c5 28 4f aa 45 00 38
exception.instruction: jg 0x30905c8
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x30905c0
registers.esp: 1629896
registers.edi: 1629892
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 256
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc c8 36 88 ef b3 1a 07 a9 01 05 a3 d8 40 f7 89
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x30905df
registers.esp: 1629904
registers.edi: 219068
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 7d 04 ca ea 6f f6 87 59 67 fa f6 09 d9 59 52 b9
exception.instruction: jge 0x309061e
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3090618
registers.esp: 1629896
registers.edi: 1629892
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 256
registers.esi: 2005865610
registers.ecx: 3575514721
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 71 02 ca 5a 95 4a 83 dc e6 ee 66 50 fd 84 15 85
exception.instruction: jno 0x3090670
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x309066c
registers.esp: 1629896
registers.edi: 219068
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 256
registers.ecx: 1629892
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 07 d7 79 3e ed 9d 9f ac d3 02 00 5f cc d7 d2
exception.instruction: mov dword ptr [edi], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x309069b
registers.esp: 1629900
registers.edi: 61372
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 4
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc d7 d2 4b 88 95 7e bc 2c 07 39 d7 51 52 ba 8f
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x30906a8
registers.esp: 1629904
registers.edi: 219068
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 4
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 72 03 d0 dc d1 c3 bd 43 e8 2d 00 66 f7 c1 9c c3
exception.instruction: jb 0x30906d5
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x30906d0
registers.esp: 1629892
registers.edi: 1629888
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 256
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 4
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc d0 ac de 2e 89 fe 6e 1f d0 cf 52 ba d7 b2 19
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x30906ea
registers.esp: 1629900
registers.edi: 219068
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 7c 03 d3 75 c8 23 ac 00 38 f5 59 66 f7 c2 53 3f
exception.instruction: jl 0x3090715
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3090710
registers.esp: 1629892
registers.edi: 219068
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 256
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 1629888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 01 d5 76 32 b8 35 d7 46 65 e1 7c 0e 00 59 81
exception.instruction: mov dword ptr [ecx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x309073e
registers.esp: 1629892
registers.edi: 219068
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 3103
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 3f c8 a0 47 81 5f 24 08 d7 22 7f 0e a2 46 79
exception.instruction: mov dword ptr [edi], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3090772
registers.esp: 1629892
registers.edi: 5683
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: cc cf 98 54 35 06 e2 9a 1a c3 a1 fb 1e cd c9 af
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x309078d
registers.esp: 1629896
registers.edi: 219068
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x755f946a

exception.instruction_r: 89 07 d3 51 e1 01 0c 00 5f 89 eb cc de 70 5b 8e
exception.instruction: mov dword ptr [edi], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x30907c0
registers.esp: 1629892
registers.edi: 54104
registers.eax: 2005662384
registers.ebp: 1629944
registers.edx: 2005623258
registers.ebx: 4289465595
registers.esi: 2005865610
registers.ecx: 182
1 0 0
Time & API | Arguments | Status | Return | Repeated

NtProtectVirtualMemory

process_identifier: 792
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 792
region_size: 18513920
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02820000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nstCA80.tmp\System.dll
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.Win32.Makoob.gen
F-Secure Trojan.TR/AD.NsisInject.yngiy
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm HEUR:Trojan.Win32.Makoob.gen
Time & API | Arguments | Status | Return | Repeated

RegOpenKeyExW

regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Flapdragon\Drivaksen\Tillokkelses
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Flapdragon\Drivaksen\Tillokkelses
2 0

Time & API | Arguments | Status | Return | Repeated

__anomaly__

tid: 1208
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0