Summary | ZeroBOX

Rendestene.exe

Tags: Suspicious_Script_Bin, NSIS, UPX, Malicious Library, PE File, DLL, PE32
Category FILE
Machine s1_win7_x6401
Started Aug. 7, 2023, 8:26 a.m.
Completed Aug. 7, 2023, 8:29 a.m.
Size 302.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 7418044f00199e4add2a6460ce07d884
SHA256 8a09e86a04a6dbd37f88d21e450d3072d11f24ba2c2f3f724383859f89a3424c
CRC32 EA0270CC
ssdeep 6144:TQ606x7lm/t8f1lglbvs+WJIQNzajm5dO8CNjnVxIpd4OOWo5QQKgl:3ot8f1lglbDWSHjm5dbCNh674CQKg
Yara
  • UPX_Zero - UPX packed file
  • NSIS_Installer - Null Soft Installer
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address / Status / Action)
163.172.154.142 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 7e 20 a3 83 84 a4 7a 7b c4 7c 87 f4 a8 02 39 b3
exception.instruction: jle 0x3bc4651
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3bc462f
registers.esp: 1629816
registers.edi: 222900
registers.eax: 1629812
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 256
registers.esi: 1995838602
registers.ecx: 3890910264
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 03 dc 78 d9 54 b9 0a 3b d4 c1 8c d6 f7 a0 b7
exception.instruction: mov dword ptr [ebx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3bc4675
registers.esp: 1629820
registers.edi: 222900
registers.eax: 9642248
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 46344
registers.esi: 1995838602
registers.ecx: 3051280620
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f 01 14 24 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lgdt ptr [esp]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x3bc46af
registers.esp: 1629820
registers.edi: 222900
registers.eax: 9642248
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 62668800
registers.esi: 1995838602
registers.ecx: 62670294
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 87 23 64 9a e8 5c ea 89 39 56 26 73 47 c0 bf
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3be0143
registers.esp: 1629780
registers.edi: 222900
registers.eax: 9642248
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 62668800
registers.esi: 1995838602
registers.ecx: 62670294
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 7c 10 7c 40 c9 74 7b f2 7b 05 f7 a4 5c 1f c0 20
exception.instruction: jl 0x3be01d7
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be01c5
registers.esp: 1629768
registers.edi: 222900
registers.eax: 9642248
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 1629764
registers.esi: 256
registers.ecx: 62670294
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc d2 54 ff 1f 69 0e c5 16 30 f8 07 c7 6d 75 23
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3be01ff
registers.esp: 1629776
registers.edi: 222900
registers.eax: 9642248
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 62668800
registers.esi: 1995838602
registers.ecx: 62670294
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 72 16 65 cd 80 a0 9c c4 00 97 18 96 4b ab 1b 3e
exception.instruction: jb 0x3be0265
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be024d
registers.esp: 1629768
registers.edi: 222900
registers.eax: 9642248
registers.ebp: 1629824
registers.edx: 256
registers.ebx: 1629764
registers.esi: 1995838602
registers.ecx: 62670294
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 78 12 d0 c8 a6 87 bd b9 52 c1 ab a5 7e c6 90 84
exception.instruction: js 0x3be02ff
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be02eb
registers.esp: 1629768
registers.edi: 256
registers.eax: 9642248
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 62668800
registers.esi: 1995838602
registers.ecx: 1629764
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 32 b8 11 2b 6f d4 2f ca 22 18 d0 7e 58 ab d0
exception.instruction: mov dword ptr [edx], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3be033c
registers.esp: 1629772
registers.edi: 1276412896
registers.eax: 9642248
registers.ebp: 1629824
registers.edx: 55824
registers.ebx: 62668800
registers.esi: 1995838602
registers.ecx: 62670294
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 3e 0c f4 3d ce 12 28 4e 5f e7 ef 6e 37 2a 15
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3be036b
registers.esp: 1629776
registers.edi: 7602286
registers.eax: 9642248
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 62668800
registers.esi: 1995838602
registers.ecx: 62670294
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 2e 4e ea 2e cd cb 0c 04 1e 6e 88 29 93 31 bf
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3be0390
registers.esp: 1629772
registers.edi: 222900
registers.eax: 9642248
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 62668800
registers.esi: 1995838602
registers.ecx: 62670294
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 7d 0a ef c0 b7 30 1c 77 28 ad 46 77 30 4c fc 87
exception.instruction: jge 0x3be03f6
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be03ea
registers.esp: 1629764
registers.edi: 222900
registers.eax: 1629760
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 256
registers.esi: 1995838602
registers.ecx: 62670294
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 75 28 ba e6 76 be c0 0e 6b a5 76 0d b2 47 60 19
exception.instruction: jne 0x3be046f
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be0445
registers.esp: 1629764
registers.edi: 1629760
registers.eax: 256
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 62668800
registers.esi: 1995838602
registers.ecx: 62670294
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 7a 0f a4 b7 3d 45 d8 2b 25 c9 aa 83 cb 7e d1 b7
exception.instruction: jp 0x3be04c0
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be04af
registers.esp: 1629764
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1629760
registers.ebx: 3835010389
registers.esi: 256
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 36 dc 9c 8a 1b 6c f6 5c c5 d5 f0 1e 4c 59 25
exception.instruction: mov dword ptr [esi], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3be050d
registers.esp: 1629768
registers.edi: 222900
registers.eax: 3264734531
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 3835010389
registers.esi: 61792
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 8b a9 6a 10 46 be 0c d7 41 b9 1f 72 75 6a 2a
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3be053c
registers.esp: 1629772
registers.edi: 222900
registers.eax: 12
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 3835010389
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 70 0a 31 22 02 dd 58 9b 61 43 22 c2 58 82 d9 d7
exception.instruction: jo 0x3be058c
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be0580
registers.esp: 1629764
registers.edi: 1629760
registers.eax: 12
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 3835010389
registers.esi: 1995838602
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 7c 02 57 27 f4 92 b1 cf b5 1d c8 b7 f6 03 a6 54
exception.instruction: jl 0x3be05e5
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be05e1
registers.esp: 1629776
registers.edi: 256
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 3835010389
registers.esi: 1995838602
registers.ecx: 1629772
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 7b 12 56 7b b9 e1 eb 30 05 b3 0d 26 50 df 6d 36
exception.instruction: jnp 0x3be063a
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be0626
registers.esp: 1629776
registers.edi: 1629772
registers.eax: 256
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 3835010389
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 76 16 d1 d9 1b f5 34 64 dc c9 26 ce 35 4f 51 e9
exception.instruction: jbe 0x3be068f
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be0677
registers.esp: 1629772
registers.edi: 256
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 3835010389
registers.esi: 1629768
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 03 8d 45 61 d5 37 d7 56 b9 7b 04 11 cb 5f bb
exception.instruction: mov dword ptr [ebx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3be06e3
registers.esp: 1629776
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 25572
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 70 14 a7 27 3a bf d2 af f2 48 8c 16 19 fc ef 25
exception.instruction: jo 0x3be0744
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be072e
registers.esp: 1629772
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 3835010389
registers.esi: 256
registers.ecx: 1629768
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 78 28 ec f1 86 84 e8 6e 6d 1d 7d 45 de 8f 22 19
exception.instruction: js 0x3be07b2
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be0788
registers.esp: 1629768
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1629764
registers.ebx: 3835010389
registers.esi: 1995838602
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 76 09 8d d3 c3 26 59 bd c7 f0 f2 f6 d7 6f 0e 7e
exception.instruction: jbe 0x3be0813
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be0808
registers.esp: 1629768
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1629764
registers.esi: 1995838602
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f c7 3e 5b 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmptrst qword ptr [esi]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x3be0859
registers.esp: 1629776
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1629824
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 59 0b 7c fe 26 c9 3c 04 11 29 4c 8c ad 78 9e
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3be088c
registers.esp: 1629776
registers.edi: 1063703549
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1629824
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 75 0d c5 4b ef f1 36 2b 44 2c 82 71 7a 3d 54 53
exception.instruction: jne 0x3be08ed
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be08de
registers.esp: 1629768
registers.edi: 1063703549
registers.eax: 1629764
registers.ebp: 1629824
registers.edx: 256
registers.ebx: 1629824
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 66 0f c7 30 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmclear qword ptr [eax]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x3be0929
registers.esp: 1629776
registers.edi: 2314716329
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1629824
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f 01 f6 9f 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lmsw si
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x3be095a
registers.esp: 1629776
registers.edi: 324
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1629824
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f 01 13 1a 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lgdt ptr [ebx]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x3be0984
registers.esp: 1629776
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630148
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 79 15 34 05 ac 86 5e 6f 67 3d 65 3e db 70 ed fa
exception.instruction: jns 0x3be09e1
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be09ca
registers.esp: 1629764
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 256
registers.ebx: 1629760
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f 00 11 21 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lldt word ptr [ecx]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x3be0a01
registers.esp: 1629772
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630148
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 7e 15 1d 92 7d de 51 30 50 f9 fe 1d 81 b7 67 82
exception.instruction: jle 0x3be0a74
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be0a5d
registers.esp: 1629764
registers.edi: 256
registers.eax: 1629760
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630148
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 5d 30 76 d7 f6 6e 6f a2 81 9d cc ef 4e e0 2a
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3be0a98
registers.esp: 1629768
registers.edi: 0
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630148
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 71 0e 6c f9 6c e6 49 cf 90 af aa 62 7b 6b 67 cf
exception.instruction: jno 0x3be0af5
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be0ae5
registers.esp: 1629760
registers.edi: 1629756
registers.eax: 256
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630148
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 7a 12 18 26 6d a7 a2 1a fe db 43 c1 63 a6 99 18
exception.instruction: jp 0x3be0b51
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be0b3d
registers.esp: 1629760
registers.edi: 222900
registers.eax: 256
registers.ebp: 1629824
registers.edx: 1629756
registers.ebx: 1630148
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 1e ff 52 fe 6c df 17 8a ed 59 e3 ad c8 fd 5b
exception.instruction: mov dword ptr [esi], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3be0b7d
registers.esp: 1629764
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630148
registers.esi: 6394
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 71 23 4b f1 c0 5e 07 e0 f8 94 3f 50 2f 69 8b ca
exception.instruction: jno 0x3be0bfd
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be0bd8
registers.esp: 1629760
registers.edi: 256
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630148
registers.esi: 1629756
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc a5 92 22 e4 40 8a 6f 57 d6 79 5b 51 29 41 64
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3be0c26
registers.esp: 1629768
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630148
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 0b 7f 7a 48 46 e3 ca 3f 7f d2 a9 05 ec a4 17
exception.instruction: mov dword ptr [ebx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3be0c81
registers.esp: 1629764
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 4
registers.ebx: 37218
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 01 06 e4 41 da f5 f6 00 73 6c fe 53 8d 9d 56
exception.instruction: mov dword ptr [ecx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3be0cbd
registers.esp: 1629764
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630152
registers.esi: 1995838602
registers.ecx: 60555
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 16 50 ee 02 c2 0c 16 09 2b 9f 8f 8a af a5 92
exception.instruction: mov dword ptr [esi], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3be0d01
registers.esp: 1629764
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630152
registers.esi: 37548
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 02 0b bb d9 1c 9f 5a ef f8 97 0f c0 2f 74 54
exception.instruction: mov dword ptr [edx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3be0d53
registers.esp: 1629760
registers.edi: 222900
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 43433
registers.ebx: 1630152
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 0f 75 a6 ce 0d 76 33 3b b9 84 29 95 9e a2 66
exception.instruction: mov dword ptr [edi], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3be0d9b
registers.esp: 1629760
registers.edi: 45501
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630152
registers.esi: 1995838602
registers.ecx: 1012684795
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 70 30 1d 5d 75 61 e4 4b dc e3 6d 8d 15 0e 89 f1
exception.instruction: jo 0x3be0e21
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be0def
registers.esp: 1629756
registers.edi: 256
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630152
registers.esi: 1995838602
registers.ecx: 1629752
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 17 6a f9 df eb 38 90 e3 15 ee 54 ba 14 65 7f
exception.instruction: mov dword ptr [edi], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3be0e4e
registers.esp: 1629760
registers.edi: 55109
registers.eax: 1995635376
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630152
registers.esi: 1995838602
registers.ecx: 3375202374
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 76 1c d9 f8 7e 38 8c 4b 50 23 2f 4a 49 7e 38 7e
exception.instruction: jbe 0x3be0ecb
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x3be0ead
registers.esp: 1629752
registers.edi: 222900
registers.eax: 1629748
registers.ebp: 1629824
registers.edx: 1995596250
registers.ebx: 1630152
registers.esi: 256
registers.ecx: 4294967295
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc e0 81 58 7b f3 f0 8c 56 95 84 d1 d1 21 3f 65
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x3be0ee7
registers.esp: 1629784
registers.edi: 222900
registers.eax: 0
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 62668800
registers.esi: 1995838602
registers.ecx: 62787297
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f 00 10 ab 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lldt word ptr [eax]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x3be0f23
registers.esp: 1629816
registers.edi: 222900
registers.eax: 937781522
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 62668800
registers.esi: 1995838602
registers.ecx: 62670294
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 19 68 ae 14 2c f0 b9 31 97 6d eb e7 c8 a8 15
exception.instruction: mov dword ptr [ecx], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3be0f7b
registers.esp: 1629812
registers.edi: 222900
registers.eax: 0
registers.ebp: 1629824
registers.edx: 62668800
registers.ebx: 62668800
registers.esi: 1995838602
registers.ecx: 32381
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73272000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2544
region_size: 59543552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02c40000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\bortrationaliserings\Saban\Sekundaere\Banktilsynet\vsockver.dll
file C:\Users\test22\AppData\Local\Temp\nsbEFEE.tmp\System.dll
file C:\Users\test22\AppData\Local\Temp\nsbEFEE.tmp\System.dll
host 163.172.154.142
Time & API Arguments Status Return Repeated

__anomaly__

tid: 2548
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
Bkav W32.AIDetectMalware
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Garf.Gen.14
FireEye Trojan.Garf.Gen.14
ALYac Trojan.Garf.Gen.14
Cylance unsafe
VIPRE Trojan.Garf.Gen.14
Sangfor Trojan.Win32.Makoob.Vyob
K7AntiVirus Trojan ( 005903451 )
Alibaba Trojan:Win32/Makoob.2eff783c
K7GW Trojan ( 005903451 )
Cybereason malicious.85025a
Arcabit Trojan.Garf.Gen.14
Cyren W32/Garf.OXMT-1270
Symantec Trojan.Gen.MBT
ESET-NOD32 NSIS/Injector.ASH
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Makoob.gen
BitDefender Trojan.Garf.Gen.14
Avast Win32:Malware-gen
Emsisoft Trojan.Garf.Gen.14 (B)
F-Secure Trojan.TR/AD.NsisInject.mrucv
McAfee-GW-Edition BehavesLike.Win32.DStudio.fc
Sophos Mal/Generic-S
Ikarus Trojan.NSIS.Agent
Avira TR/AD.NsisInject.mrucv
Microsoft Trojan:Win32/Wacatac.B!ml
ViRobot Trojan.Win.Z.Injector.309795
ZoneAlarm HEUR:Trojan.Win32.Makoob.gen
GData Trojan.Garf.Gen.14
Google Detected
AhnLab-V3 Downloader/Win.GuLoader.C5465345
McAfee RDN/Generic Downloader.x
MAX malware (ai score=84)
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0DH523
Fortinet NSIS/Injector.4256!tr
AVG Win32:Malware-gen
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_90% (W)