Summary | ZeroBOX

IBS_Cortana.exe

Malicious Library UPX PE32 PE File DLL
Category Machine Started Completed
FILE s1_win7_x6403_us Aug. 4, 2023, 8:55 a.m. Aug. 4, 2023, 8:57 a.m.
Size 323.7KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 9cd26ed910554ae5b86e53ef892e7117
SHA256 61e247e909bac54941a8d5746a808e3d760652cfeaafd34535a85e7f13d6cead
CRC32 10C32259
ssdeep 6144:jBeEp+sUD8z87jwGOVDRXWTUG2Yt2HWu6/r7/2FGCnrO:7p+sUD8z87ERRX/1YtElPFlrO
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc cc 9c 0d 70 ac 49 56 7a 09 23 a1 95 70 ef 9d
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x4237fd3
registers.esp: 60421968
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 89 13 bd 75 27 c2 dc 10 75 a1 e5 93 d8 32 f5 ff
exception.instruction: mov dword ptr [ebx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4238012
registers.esp: 60421964
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 16050
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 89 12 4c 12 92 29 0b a0 fe 0c 26 66 55 f5 9b a9
exception.instruction: mov dword ptr [edx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4238055
registers.esp: 60421964
registers.edi: 4183515132
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 1304
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 0f c7 38 86 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmptrst qword ptr [eax]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x423807e
registers.esp: 60421968
registers.edi: 2017029748
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 89 0f bc 64 7d da 24 71 e4 89 0b 5b c6 61 69 82
exception.instruction: mov dword ptr [edi], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x42380bb
registers.esp: 60421964
registers.edi: 29932
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 7f 06 57 03 95 12 28 c0 78 f6 62 31 d4 4d 96 53
exception.instruction: jg 0x4238111
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x4238109
registers.esp: 60421960
registers.edi: 20480
registers.eax: 60421956
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 66 0f c7 31 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmclear qword ptr [ecx]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x423813e
registers.esp: 60421964
registers.edi: 20480
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: f3 0f c7 36 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmxon qword ptr [esi]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x425ee5c
registers.esp: 60421960
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 0f 01 c1 92 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmcall
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x425ee9b
registers.esp: 60421960
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc d6 98 2c 70 0f 85 3b 4e 5f ed 46 19 5e 6a 13
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425eeba
registers.esp: 60421960
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 89 09 e7 24 46 78 4d 02 1d be 7d 10 e5 ed d1 97
exception.instruction: mov dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x425eeff
registers.esp: 60421920
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 62609
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc 23 e4 17 fa b7 fa fa b1 33 98 c9 ba ad 90 76
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425ef36
registers.esp: 60421924
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 73 1e 55 d3 f7 6f 6f 21 47 e1 8b 1e ef 56 75 77
exception.instruction: jae 0x425efb1
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x425ef91
registers.esp: 60421916
registers.edi: 60421912
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 256
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 89 11 29 33 a8 4a 0f 7b 6e af 9e 05 d8 4f 36 cf
exception.instruction: mov dword ptr [ecx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x425efd8
registers.esp: 60421920
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 8136
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 89 33 5d de 13 76 46 2f 36 47 c5 60 38 de d2 bc
exception.instruction: mov dword ptr [ebx], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x425f01d
registers.esp: 60421920
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 3913
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 0f 00 11 54 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lldt word ptr [ecx]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x425f053
registers.esp: 60421924
registers.edi: 1771424785
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc 50 ef 73 8a 73 c0 5b 96 7b 46 ac ca c1 b9 49
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425f080
registers.esp: 60421924
registers.edi: 1771424785
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 75 0d be 53 1c 14 22 76 e4 47 8a 66 96 3f 4c 26
exception.instruction: jne 0x425f0d7
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x425f0c8
registers.esp: 60421916
registers.edi: 60421912
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 256
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 0f 00 10 48 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lldt word ptr [eax]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x425f0f9
registers.esp: 60421924
registers.edi: 3297933326
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 66 0f c7 33 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmclear qword ptr [ebx]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x425f124
registers.esp: 60421924
registers.edi: 3249885436
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 7c 1a d7 7a 43 ef cb dc 58 ca 82 f1 d6 fc df 61
exception.instruction: jl 0x425f194
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x425f178
registers.esp: 60421916
registers.edi: 256
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 60421912
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc 4c 74 07 74 41 f0 39 df 74 d5 fc fb b6 8a 0d
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425f1a8
registers.esp: 60421924
registers.edi: 7077988
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 0f 00 db 26 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: ltr bx
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x425f1d0
registers.esp: 60421924
registers.edi: 7077988
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 7c 14 4b 89 cd 87 a5 a9 27 63 29 f8 5f be 6b 29
exception.instruction: jl 0x425f232
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x425f21c
registers.esp: 60421912
registers.edi: 7077988
registers.eax: 60421908
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 256
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc 89 07 f6 ea 70 4a 10 d8 f3 33 22 23 d6 87 05
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425f24e
registers.esp: 60421920
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 70 0e 55 fd 04 e5 91 2f cb 12 fb 7b 0b 44 c3 d0
exception.instruction: jo 0x425f2ac
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x425f29c
registers.esp: 60421908
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 60421904
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 0f 01 f1 07 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lmsw cx
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x425f2ce
registers.esp: 60421916
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc 91 50 8f ca f3 90 03 db da 07 a4 fa d6 e1 80
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425f2ef
registers.esp: 60421916
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc 3c 98 ec 53 39 85 21 46 ea b1 47 f6 29 ab bd
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425f326
registers.esp: 60421916
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc df 95 4d eb e7 e1 83 49 26 a7 4a 20 01 98 5d
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425f358
registers.esp: 60421916
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 89 3e a6 23 f3 cf 5e 34 05 1d 87 57 e2 f2 b4 e5
exception.instruction: mov dword ptr [esi], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x425f3a8
registers.esp: 60421912
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 35044
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 0f 01 11 74 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lgdt ptr [ecx]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x425f3dc
registers.esp: 60421916
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 69435161
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc 2e 5c 6f d8 7d 1e ce 72 46 8a c5 32 30 dd 55
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425f405
registers.esp: 60421916
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 69431296
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 60421916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 0f 00 de 85 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: ltr si
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x425f423
registers.esp: 60421916
registers.edi: 332776
registers.eax: 5468712
registers.ebp: 60421968
registers.edx: 3883588184
registers.ebx: 69431296
registers.esi: 2005865610
registers.ecx: 60421916
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 0f 09 5d f4 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: wbinvd
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x425f449
registers.esp: 60421916
registers.edi: 332776
registers.eax: 2005662384
registers.ebp: 60421968
registers.edx: 2005623258
registers.ebx: 2364155
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc 91 f8 5b b7 d0 31 a2 43 23 cb ca b9 7b fb da
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425f4cb
registers.esp: 60421916
registers.edi: 332776
registers.eax: 131046945
registers.ebp: 60421968
registers.edx: 2005623258
registers.ebx: 2364155
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 7b 1f e0 85 f3 65 c0 11 6b 5e e9 c6 a0 fe da 45
exception.instruction: jnp 0x425f530
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x425f50f
registers.esp: 60421908
registers.edi: 60421904
registers.eax: 587056621
registers.ebp: 60421968
registers.edx: 2005623258
registers.ebx: 2364155
registers.esi: 2005865610
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 70 06 06 79 58 a3 ee e3 70 1c 38 08 38 78 f4 53
exception.instruction: jo 0x425f56c
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x425f564
registers.esp: 60421908
registers.edi: 332776
registers.eax: 2257526308
registers.ebp: 60421968
registers.edx: 256
registers.ebx: 2364155
registers.esi: 60421904
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 66 0f c7 33 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmclear qword ptr [ebx]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x425f594
registers.esp: 60421916
registers.edi: 332776
registers.eax: 2257526308
registers.ebp: 60421968
registers.edx: 2005623258
registers.ebx: 2364155
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc 0c 17 56 4a ec a1 00 76 c8 a8 cb 39 00 64 65
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425f5ca
registers.esp: 60421916
registers.edi: 332776
registers.eax: 12
registers.ebp: 60421968
registers.edx: 2005623258
registers.ebx: 2364155
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 7b 05 71 26 ee 9a 76 e3 dc d9 81 15 a2 c0 a4 32
exception.instruction: jnp 0x425f619
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x425f612
registers.esp: 60421920
registers.edi: 332776
registers.eax: 2005662384
registers.ebp: 60421968
registers.edx: 2005623258
registers.ebx: 60421916
registers.esi: 256
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 89 19 34 8b 7a 24 dc 5b 69 1a c3 7f dd 19 e9 06
exception.instruction: mov dword ptr [ecx], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x425f669
registers.esp: 60421924
registers.edi: 332776
registers.eax: 2005662384
registers.ebp: 60421968
registers.edx: 1579601734
registers.ebx: 2364155
registers.esi: 2005865610
registers.ecx: 58910
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 89 0f a9 e9 b9 92 32 dd e7 5c d0 d9 8f e9 ba a4
exception.instruction: mov dword ptr [edi], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x425f6a3
registers.esp: 60421924
registers.edi: 49790
registers.eax: 2005662384
registers.ebp: 60421968
registers.edx: 1908136265
registers.ebx: 2364155
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 0f c7 36 29 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmptrld qword ptr [esi]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x425f6c7
registers.esp: 60421928
registers.edi: 332776
registers.eax: 2005662384
registers.ebp: 60421968
registers.edx: 4
registers.ebx: 2364155
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 89 33 4d 9a 98 1c be c9 54 0d aa f8 75 f6 78 60
exception.instruction: mov dword ptr [ebx], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x425f6fe
registers.esp: 60421920
registers.edi: 332776
registers.eax: 2005662384
registers.ebp: 60421968
registers.edx: 4
registers.ebx: 64139
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 7e 0b f9 c2 8d fe 52 21 12 f1 18 ba f7 08 40 6f
exception.instruction: jle 0x425f761
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x425f754
registers.esp: 60421916
registers.edi: 256
registers.eax: 2005662384
registers.ebp: 60421968
registers.edx: 2005623258
registers.ebx: 2364155
registers.esi: 2005865610
registers.ecx: 60421912
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc 2c 83 3a b3 d3 b0 b9 c3 f7 50 19 63 38 23 f3
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425f78c
registers.esp: 60421924
registers.edi: 332776
registers.eax: 2005662384
registers.ebp: 60421968
registers.edx: 2005623258
registers.ebx: 2364155
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: cc b0 8f 62 7e 01 f1 16 0b 61 c1 52 89 df 18 59
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x425f7b8
registers.esp: 60421924
registers.edi: 332776
registers.eax: 2005662384
registers.ebp: 60421968
registers.edx: 2005623258
registers.ebx: 2364155
registers.esi: 2005865610
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 89 11 88 08 a7 b2 10 44 1c 5e f3 ae fa 7d b6 48
exception.instruction: mov dword ptr [ecx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x425f80a
registers.esp: 60421916
registers.edi: 332776
registers.eax: 2005662384
registers.ebp: 60421968
registers.edx: 2005623258
registers.ebx: 2364155
registers.esi: 2005865610
registers.ecx: 48212
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x778a0000
SwitchToFiber+0x178 CreateFiber-0xe kernel32+0x3bdc8 @ 0x7581bdc8

exception.instruction_r: 71 18 67 e1 b4 1e 53 a4 2c 60 bf 92 e8 7d 53 62
exception.instruction: jno 0x425f869
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x425f84f
registers.esp: 60421912
registers.edi: 332776
registers.eax: 2005662384
registers.ebp: 60421968
registers.edx: 2005623258
registers.ebx: 2364155
registers.esi: 60421908
registers.ecx: 256
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 184
region_size: 28733440
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03a10000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nsbC242.tmp\System.dll
Time & API Arguments Status Return Repeated

__anomaly__

tid: 2068
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
Bkav W32.AIDetectMalware
Cynet Malicious (score: 99)
McAfee Artemis!9CD26ED91055
Cylance unsafe
Sangfor Trojan.Win32.Agent.Vdtk
CrowdStrike win/malicious_confidence_90% (W)
Cyren W32/ABRisk.MWTV-3649
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 NSIS/Injector.BZR
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Makoob.gen
Alibaba Trojan:Win32/Makoob.610cfb1f
Avast Win32:Malware-gen
F-Secure Trojan.TR/Injector.iydrw
TrendMicro Trojan.Win32.GULOADER.YXDHBZ
McAfee-GW-Edition Artemis!Trojan
Trapmine suspicious.low.ml.score
Sophos Mal/Generic-S
Ikarus Trojan.NSIS.Guloader
Webroot W32.Malware.Gen
Avira TR/Injector.iydrw
ZoneAlarm HEUR:Trojan.Win32.Makoob.gen
Microsoft Trojan:Win32/Casdet!rfn
Google Detected
Malwarebytes Malware.AI.871869256
TrendMicro-HouseCall Trojan.Win32.GULOADER.YXDHBZ
Tencent Win32.Trojan.FalseSign.Ngil
AVG Win32:Malware-gen
DeepInstinct MALICIOUS