Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 19, 2023, 9:11 a.m.	July 19, 2023, 9:14 a.m.

Size	588.8KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`e70e36db9a2ee974d0f245b469b0b7c7`
SHA256	`d2d953316afcbea411a66445552d65258111f63ab2c68987db698b6db43b593d`
CRC32	`5D77129B`
ssdeep	`12288:8QyySv1x91+SID4x1mAauZj8og7sOJyyq7TR5w5II6pS:3yySv1ESIcxYARZj8og7sOJ5qh5K2S`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

DIEN TT_SACOMBANK 15052023_907170181_PAYMENT.exe "C:\Users\test22\AppData\Local\Temp\DIEN TT_SACOMBANK 15052023_907170181_PAYMENT.exe"
2560

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 19, 2023, 9:11 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7b 04 c8 e6 8e 05 09 00 81 f9 ec 80 28 4b 58 81 exception.instruction: jnp 0x78694af exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x78694a9 registers.esp: 1631364 registers.edi: 136804 registers.eax: 1631360 registers.ebp: 1631372 registers.edx: 126259200 registers.ebx: 256 registers.esi: 1995838602 registers.ecx: 126260316	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 31 d7 fc 4f 63 be 53 d9 0a 55 51 16 15 c2 ee exception.instruction: mov dword ptr [ecx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x78694dc registers.esp: 1631368 registers.edi: 136804 registers.eax: 3534888713 registers.ebp: 1631372 registers.edx: 126259200 registers.ebx: 126259200 registers.esi: 1995838602 registers.ecx: 0	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 0b d3 aa a6 bd 36 cd 4a 26 b1 2b a1 a1 10 f8 exception.instruction: mov dword ptr [ebx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7874db4 registers.esp: 1631324 registers.edi: 136804 registers.eax: 9165584 registers.ebp: 1631372 registers.edx: 126259200 registers.ebx: 0 registers.esi: 1995838602 registers.ecx: 126260316	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc c4 07 20 81 34 24 83 e3 a8 84 81 34 24 30 d2 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x7874dd4 registers.esp: 1631324 registers.edi: 136804 registers.eax: 9165584 registers.ebp: 1631372 registers.edx: 126259200 registers.ebx: 126259200 registers.esi: 1995838602 registers.ecx: 126260316	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 73 04 cd f6 f3 d6 b2 c2 03 bc 72 8e 00 81 ff d9 exception.instruction: jae 0x7874e35 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7874e2f registers.esp: 1631312 registers.edi: 256 registers.eax: 9165584 registers.ebp: 1631372 registers.edx: 126259200 registers.ebx: 1631308 registers.esi: 1995838602 registers.ecx: 126260316	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7f 02 c8 0c 3e e6 1b 00 84 ff 5f 66 85 cb 5b e8 exception.instruction: jg 0x7874e78 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7874e74 registers.esp: 1631312 registers.edi: 1631308 registers.eax: 9165584 registers.ebp: 1631372 registers.edx: 39722697 registers.ebx: 256 registers.esi: 1995838602 registers.ecx: 1631320	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 08 d5 71 57 74 79 f1 48 d1 7e 68 a2 d8 c9 4e exception.instruction: mov dword ptr [eax], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7874ebd registers.esp: 1631328 registers.edi: 136804 registers.eax: 0 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 3547389397 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 07 cf a4 b8 33 bf 34 6f 98 c7 cb 75 69 00 66 exception.instruction: jl 0x7874f14 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7874f0b registers.esp: 1631324 registers.edi: 4 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 256 registers.esi: 1631320 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc ca 1d 74 7f 3f b3 76 81 1f 8b bd 64 02 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x7874f22 registers.esp: 1631328 registers.edi: 4 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 3547389397 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 3e ce 99 db e6 4a 75 18 04 92 09 a0 00 5e 81 exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7874f4f registers.esp: 1631320 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 3547389397 registers.esi: 0 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 31 cc 60 2f d0 7e 26 d9 f1 a2 00 59 89 95 2c exception.instruction: mov dword ptr [ecx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7874f99 registers.esp: 1631320 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 1631696 registers.esi: 1995838602 registers.ecx: 0	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7e 05 c9 09 dc ea 68 38 00 84 d0 59 38 c1 5b 8b exception.instruction: jle 0x7874fd8 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7874fd1 registers.esp: 1631312 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1631696 registers.ebx: 256 registers.esi: 1995838602 registers.ecx: 1631308	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc c9 c3 84 8d 7d 05 a1 ee c7 85 48 01 00 00 18 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x7875000 registers.esp: 1631316 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 1631696 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 18 cd 87 95 93 f7 4c f9 b4 95 aa 00 58 81 b5 exception.instruction: mov dword ptr [eax], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x787502d registers.esp: 1631312 registers.edi: 136804 registers.eax: 0 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 1631696 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc d4 10 8a 4b f6 b0 1d c8 6c bf 84 53 55 2a 33 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x7875059 registers.esp: 1631316 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 1631696 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 39 cc 1c 4b 20 3b ea 99 78 b0 00 59 81 ea b4 exception.instruction: mov dword ptr [ecx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x78750a2 registers.esp: 1631312 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 3776381112 registers.ebx: 1631696 registers.esi: 1995838602 registers.ecx: 0	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 03 c8 29 81 1b a6 00 5b 01 d3 8b 95 e6 01 00 exception.instruction: mov dword ptr [ebx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x78750c7 registers.esp: 1631312 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 4 registers.ebx: 0 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 70 02 ce 4b 87 3f 71 34 97 ad 73 a2 9c 00 66 81 exception.instruction: jo 0x78750fe exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x78750fa registers.esp: 1631308 registers.edi: 256 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 1631304 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc d3 6d ba 85 c3 bd 08 a2 b2 c1 94 ba 17 5a b0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x787511d registers.esp: 1631312 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 1631700 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 71 0a d3 e7 f7 83 45 d3 8e 61 dc f1 d7 ba 45 14 exception.instruction: jno 0x787516e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7875162 registers.esp: 1631304 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 256 registers.esi: 3693656262 registers.ecx: 1631300	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 03 ca d8 0b a2 c3 42 aa 00 85 d9 5b 38 ec 5a exception.instruction: jl 0x78751ae exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x78751a9 registers.esp: 1631300 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 256 registers.ebx: 1631296 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc c5 b8 52 21 83 bd 60 01 00 00 00 0f 85 a6 fb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x78751c6 registers.esp: 1631364 registers.edi: 136804 registers.eax: 9165584 registers.ebp: 1631372 registers.edx: 126259200 registers.ebx: 126259200 registers.esi: 1995838602 registers.ecx: 126260316	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 19 ce d0 20 b6 f3 37 91 46 b0 a5 5e 00 59 8b exception.instruction: mov dword ptr [ecx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x78751f0 registers.esp: 1631360 registers.edi: 136804 registers.eax: 9165584 registers.ebp: 1631372 registers.edx: 126259200 registers.ebx: 126259200 registers.esi: 1995838602 registers.ecx: 0	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7f 09 d5 d7 c6 40 5f 50 04 3e 77 51 0d 0e 0b 00 exception.instruction: jg 0x7875237 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x787522c registers.esp: 1631356 registers.edi: 136804 registers.eax: 50855936 registers.ebp: 1631372 registers.edx: 256 registers.ebx: 126259200 registers.esi: 1995838602 registers.ecx: 1631352	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7f 0c d2 11 f2 14 05 b0 2d 0d 10 91 84 cc 51 6a exception.instruction: jg 0x7869551 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7869543 registers.esp: 1631364 registers.edi: 1631360 registers.eax: 256 registers.ebp: 1631372 registers.edx: 1625198915 registers.ebx: 8662168 registers.esi: 8662192 registers.ecx: 8662168	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 31 cb a7 e4 8a a2 86 b7 6e 00 59 e8 6f e1 01 exception.instruction: mov dword ptr [ecx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7869587 registers.esp: 1631368 registers.edi: 136804 registers.eax: 1337 registers.ebp: 1631372 registers.edx: 4275128119 registers.ebx: 8662168 registers.esi: 8662192 registers.ecx: 0	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x755b0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc d3 d2 d8 b7 af 71 1f 9f 9b eb 40 9c f0 b9 01 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x78695a9 registers.esp: 1631372 registers.edi: 136804 registers.eax: 1969084418 registers.ebp: 1631372 registers.edx: 1969720771 registers.ebx: 1527750909 registers.esi: 8662192 registers.ecx: 836929527	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x755b0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 76 0c cf 63 8f 6b a6 2f 0c 9c 3b 8b 51 d6 00 66 exception.instruction: jbe 0x78695f5 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x78695e7 registers.esp: 1631364 registers.edi: 136804 registers.eax: 256 registers.ebp: 1631372 registers.edx: 1969720771 registers.ebx: 1631360 registers.esi: 8662192 registers.ecx: 4096	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x755b0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 0b d3 aa a6 bd 36 cd 4a 26 b1 2b a1 a1 10 f8 exception.instruction: mov dword ptr [ebx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7874db4 registers.esp: 1631324 registers.edi: 136804 registers.eax: 1969084418 registers.ebp: 1631372 registers.edx: 1969720771 registers.ebx: 0 registers.esi: 8662192 registers.ecx: 1216	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x755b0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc c4 07 20 81 34 24 83 e3 a8 84 81 34 24 30 d2 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x7874dd4 registers.esp: 1631324 registers.edi: 136804 registers.eax: 1969084418 registers.ebp: 1631372 registers.edx: 1969720771 registers.ebx: 1527750909 registers.esi: 8662192 registers.ecx: 1216	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x755b0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 73 04 cd f6 f3 d6 b2 c2 03 bc 72 8e 00 81 ff d9 exception.instruction: jae 0x7874e35 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7874e2f registers.esp: 1631312 registers.edi: 256 registers.eax: 1969084418 registers.ebp: 1631372 registers.edx: 1969720771 registers.ebx: 1631308 registers.esi: 8662192 registers.ecx: 1216	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: GetStartupInfoA-0x10e00 kernel32+0x0 @ 0x755b0000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7f 02 c8 0c 3e e6 1b 00 84 ff 5f 66 85 cb 5b e8 exception.instruction: jg 0x7874e78 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7874e74 registers.esp: 1631312 registers.edi: 1631308 registers.eax: 1969084418 registers.ebp: 1631372 registers.edx: 39722697 registers.ebx: 256 registers.esi: 8662192 registers.ecx: 1631320	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 08 d5 71 57 74 79 f1 48 d1 7e 68 a2 d8 c9 4e exception.instruction: mov dword ptr [eax], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7874ebd registers.esp: 1631328 registers.edi: 136804 registers.eax: 0 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 3547389397 registers.esi: 8662192 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 07 cf a4 b8 33 bf 34 6f 98 c7 cb 75 69 00 66 exception.instruction: jl 0x7874f14 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7874f0b registers.esp: 1631324 registers.edi: 4 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 256 registers.esi: 1631320 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc ca 1d 74 7f 3f b3 76 81 1f 8b bd 64 02 00 00 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x7874f22 registers.esp: 1631328 registers.edi: 4 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 3547389397 registers.esi: 8662192 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 3e ce 99 db e6 4a 75 18 04 92 09 a0 00 5e 81 exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7874f4f registers.esp: 1631320 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 3547389397 registers.esi: 0 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 31 cc 60 2f d0 7e 26 d9 f1 a2 00 59 89 95 2c exception.instruction: mov dword ptr [ecx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7874f99 registers.esp: 1631320 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 1631696 registers.esi: 8662192 registers.ecx: 0	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7e 05 c9 09 dc ea 68 38 00 84 d0 59 38 c1 5b 8b exception.instruction: jle 0x7874fd8 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7874fd1 registers.esp: 1631312 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1631696 registers.ebx: 256 registers.esi: 8662192 registers.ecx: 1631308	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc c9 c3 84 8d 7d 05 a1 ee c7 85 48 01 00 00 18 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x7875000 registers.esp: 1631316 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 1631696 registers.esi: 8662192 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 18 cd 87 95 93 f7 4c f9 b4 95 aa 00 58 81 b5 exception.instruction: mov dword ptr [eax], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x787502d registers.esp: 1631312 registers.edi: 136804 registers.eax: 0 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 1631696 registers.esi: 8662192 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc d4 10 8a 4b f6 b0 1d c8 6c bf 84 53 55 2a 33 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x7875059 registers.esp: 1631316 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 1631696 registers.esi: 8662192 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 39 cc 1c 4b 20 3b ea 99 78 b0 00 59 81 ea b4 exception.instruction: mov dword ptr [ecx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x78750a2 registers.esp: 1631312 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 3776381112 registers.ebx: 1631696 registers.esi: 8662192 registers.ecx: 0	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 03 c8 29 81 1b a6 00 5b 01 d3 8b 95 e6 01 00 exception.instruction: mov dword ptr [ebx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x78750c7 registers.esp: 1631312 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 4 registers.ebx: 0 registers.esi: 8662192 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 70 02 ce 4b 87 3f 71 34 97 ad 73 a2 9c 00 66 81 exception.instruction: jo 0x78750fe exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x78750fa registers.esp: 1631308 registers.edi: 256 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 1631304 registers.esi: 8662192 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc d3 6d ba 85 c3 bd 08 a2 b2 c1 94 ba 17 5a b0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x787511d registers.esp: 1631312 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 1631700 registers.esi: 8662192 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 71 0a d3 e7 f7 83 45 d3 8e 61 dc f1 d7 ba 45 14 exception.instruction: jno 0x787516e exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x7875162 registers.esp: 1631304 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 1995596250 registers.ebx: 256 registers.esi: 3693656262 registers.ecx: 1631300	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7c 03 ca d8 0b a2 c3 42 aa 00 85 d9 5b 38 ec 5a exception.instruction: jl 0x78751ae exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x78751a9 registers.esp: 1631300 registers.edi: 136804 registers.eax: 1995635376 registers.ebp: 1631372 registers.edx: 256 registers.ebx: 1631296 registers.esi: 8662192 registers.ecx: 182	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: cc c5 b8 52 21 83 bd 60 01 00 00 00 0f 85 a6 fb exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x78751c6 registers.esp: 1631364 registers.edi: 136804 registers.eax: 1969084418 registers.ebp: 1631372 registers.edx: 1969720771 registers.ebx: 1527750909 registers.esi: 8662192 registers.ecx: 1216	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 89 19 ce d0 20 b6 f3 37 91 46 b0 a5 5e 00 59 8b exception.instruction: mov dword ptr [ecx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x78751f0 registers.esp: 1631360 registers.edi: 136804 registers.eax: 1969084418 registers.ebp: 1631372 registers.edx: 1969720771 registers.ebx: 1527750909 registers.esi: 8662192 registers.ecx: 0	1
__exception__ July 19, 2023, 9:12 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x755ebdc8 exception.instruction_r: 7f 09 d5 d7 c6 40 5f 50 04 3e 77 51 0d 0e 0b 00 exception.instruction: jg 0x7875237 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x787522c registers.esp: 1631356 registers.edi: 136804 registers.eax: 50921472 registers.ebp: 1631372 registers.edx: 256 registers.ebx: 1527750909 registers.esi: 8662192 registers.ecx: 1631352	1

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 19, 2023, 9:11 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732a2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 19, 2023, 9:11 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73924000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 19, 2023, 9:12 a.m.	process_identifier: 2560 region_size: 18092032 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06bf0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Local\Temp\nsjEE68.tmp\System.dll
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Registernavne\Attakerer\Researchafdelingen\Radiographically\vulkan-1.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nsjEE68.tmp\System.dll

Queries for potentially installed applications (1 event)

Time & API	Arguments	Status	Return	Repeated
RegOpenKeyExA July 19, 2023, 9:11 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\Gujrati\Kemptken base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gujrati\Kemptken		2	0

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ July 19, 2023, 9:12 a.m.	tid: 2564 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

File has been identified by 39 AntiVirus engines on VirusTotal as malicious (39 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Androm.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Zum.Androm.1
CAT-QuickHeal	Backdoor.Androm
McAfee	Artemis!E70E36DB9A2E
Cylance	unsafe
Sangfor	Backdoor.Win32.Androm.V640
CrowdStrike	win/malicious_confidence_70% (W)
Alibaba	Backdoor:Win32/Androm.3588f12d
Cyren	W32/ABRisk.FKFT-7406
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Generik.CVFKTMI
APEX	Malicious
Kaspersky	HEUR:Backdoor.Win32.Androm.gen
BitDefender	Zum.Androm.1
Avast	Win32:Malware-gen
Emsisoft	Zum.Androm.1 (B)
VIPRE	Zum.Androm.1
TrendMicro	Trojan.Win32.GULOADER.YXDEQZ
McAfee-GW-Edition	RDN/Androm
FireEye	Zum.Androm.1
Sophos	Mal/Generic-S
GData	Zum.Androm.1
Webroot	W32.Malware.Gen
Gridinsoft	Ransom.Win32.Wacatac.sa
Arcabit	Zum.Androm.1
ZoneAlarm	HEUR:Backdoor.Win32.Androm.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Google	Detected
MAX	malware (ai score=88)
Malwarebytes	Trojan.GuLoader.NSIS
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.GULOADER.YXDEQZ
Tencent	Win32.Trojan.FalseSign.Simw
Fortinet	W32/Androm.CVFKTMI!tr
AVG	Win32:Malware-gen
Cybereason	malicious.b9a2ee
DeepInstinct	MALICIOUS

DIEN TT_SACOMBANK 15052023_907170181_PAYMENT.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All