Summary | ZeroBOX

koob7.exe

Suspicious_Script_Bin UPX Malicious Library PNG Format PE File DLL PE32
Category Machine Started Completed
FILE s1_win7_x6401 Aug. 11, 2023, 8:51 a.m. Aug. 11, 2023, 8:58 a.m.
Size 311.6KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 2894a2b884b3eae1a82c6203be7cb747
SHA256 89ee19de620f1b39fc89626aa3047f8121acf434a1b0d3d57b5f31d6c05df465
CRC32 C7B84368
ssdeep 6144:kjV2Hj05/QVHmdkSEX8JFw2NXkYtm3/Yc/XNk3GMt1PDW:nD09oGTDfZ5tmvYWCX
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 12 39 61 5c e4 7b c8 c4 44 d0 16 eb b8 4e 2e
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x757f171
registers.esp: 1630896
registers.edi: 215268
registers.eax: 1868401992
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 123199488
registers.esi: 1995838602
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f c7 3b 43 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmptrst qword ptr [ebx]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x757f193
registers.esp: 1630896
registers.edi: 215268
registers.eax: 2657358323
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 123199488
registers.esi: 1995838602
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 6b 8c 85 43 8b 98 b9 a5 f6 ca ec 20 e2 f1 83
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x759872b
registers.esp: 1630884
registers.edi: 215268
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 123199488
registers.esi: 1995838602
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 66 0f c7 30 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmclear qword ptr [eax]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x759874b
registers.esp: 1630888
registers.edi: 215268
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 123199488
registers.esi: 1995838602
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 77 03 c7 24 11 f7 d5 48 6b 40 4f 08 be f7 4b 59
exception.instruction: ja 0x7598793
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x759878e
registers.esp: 1630848
registers.edi: 215268
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 256
registers.ebx: 123199488
registers.esi: 1630844
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 0e 0c eb 6d 94 d2 55 12 9c c8 b9 4a 42 79 3f
exception.instruction: mov dword ptr [esi], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x75987db
registers.esp: 1630852
registers.edi: 215268
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 123199488
registers.esi: 8314
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 75 0e fb dc 69 8d 6a 27 3b 3e c4 93 77 f2 8e 9f
exception.instruction: jne 0x7598837
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x7598827
registers.esp: 1630844
registers.edi: 215268
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 1630840
registers.esi: 1995838602
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 32 bd b9 d6 4c c8 eb 23 dc cf e3 e6 ce 3b 2d
exception.instruction: mov dword ptr [edx], esi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7598882
registers.esp: 1630848
registers.edi: 215268
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 6933
registers.ebx: 123199488
registers.esi: 1995838602
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f 00 10 38 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lldt word ptr [eax]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x75988ad
registers.esp: 1630852
registers.edi: 215268
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 123199488
registers.esi: 1995838602
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f c7 30 15 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmptrld qword ptr [eax]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x75988f0
registers.esp: 1630848
registers.edi: 215268
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 123199488
registers.esi: 1995838602
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: f3 0f c7 32 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmxon qword ptr [edx]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x7598914
registers.esp: 1630848
registers.edi: 215268
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 123199488
registers.esi: 1995838602
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 7c 03 15 0b 70 7c 6f d0 5d b7 33 55 0d 26 bc 50
exception.instruction: jl 0x7598978
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x7598973
registers.esp: 1630840
registers.edi: 215268
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 256
registers.ebx: 123199488
registers.esi: 1630836
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 07 b8 44 e3 81 e4 50 23 85 e5 dd 0b 13 fd f9
exception.instruction: mov dword ptr [edi], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x75989ca
registers.esp: 1630840
registers.edi: 5784
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 123199488
registers.esi: 1995838602
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 16 f6 09 d5 cc 89 4c 00 a6 45 a2 95 bb e3 fa
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x75989f2
registers.esp: 1630844
registers.edi: 215268
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 123199488
registers.esi: 1995838602
registers.ecx: 123203888
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 7b 1c 54 14 eb f9 a7 77 7a 81 9a 47 73 ba 42 7a
exception.instruction: jnp 0x7598a63
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x7598a45
registers.esp: 1630836
registers.edi: 215268
registers.eax: 6529088
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 1630832
registers.esi: 1995838602
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 0d c2 73 3b c4 66 32 ae 18 3b 47 c7 28 fe 1a
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x7598a87
registers.esp: 1630844
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 3226270871
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 77 19 b9 99 49 44 50 9a 44 b7 71 e4 56 3a 16 eb
exception.instruction: ja 0x7598aec
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x7598ad1
registers.esp: 1630836
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 3226270871
registers.esi: 1630832
registers.ecx: 256
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: f3 0f c7 33 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmxon qword ptr [ebx]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x7598b1a
registers.esp: 1630844
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 3226270871
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 71 22 76 3e 8b 50 7d 11 b7 6f 3d 68 89 bb eb 74
exception.instruction: jno 0x7598b91
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x7598b6d
registers.esp: 1630836
registers.edi: 256
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1630832
registers.ebx: 3226270871
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc d3 35 01 a7 44 84 94 e3 44 f0 cb 50 5d 0c 79
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x7598baa
registers.esp: 1630855
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 3226270871
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 3a a3 c1 ed 44 88 4f ff b0 70 06 89 2d f0 88
exception.instruction: mov dword ptr [edx], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7598be8
registers.esp: 1630848
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1421
registers.ebx: 3226270871
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 1e dc ef 0f e3 44 4e 2f b8 5b e4 8f d9 69 1b
exception.instruction: mov dword ptr [esi], ebx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7598c2d
registers.esp: 1630848
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 3226270871
registers.esi: 56431
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f c7 3f 6e 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmptrst qword ptr [edi]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x7598c58
registers.esp: 1630852
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 3226270871
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 75 19 17 f0 29 97 fd 83 6d 24 86 86 09 f4 33 78
exception.instruction: jne 0x7598cbb
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x7598ca0
registers.esp: 1630844
registers.edi: 215268
registers.eax: 1630840
registers.ebp: 1630896
registers.edx: 256
registers.ebx: 3226270871
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 69 a2 31 29 05 64 ee f3 05 b2 ca 17 a5 9c 54
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x7598ceb
registers.esp: 1630852
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 3226270871
registers.esi: 1995838602
registers.ecx: 3564062711
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f 32 91 2f 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: rdmsr
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x7598d0f
registers.esp: 1630848
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 3226270871
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc bb f3 01 82 e8 24 2b c3 c8 a9 db 4d 11 1c bf
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x7598d3a
registers.esp: 1630848
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1630896
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 39 82 0e d7 df 88 91 9b ee c1 59 57 78 05 51
exception.instruction: mov dword ptr [ecx], edi
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7598d85
registers.esp: 1630844
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1630896
registers.esi: 1995838602
registers.ecx: 26091
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 66 0f c7 32 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmclear qword ptr [edx]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x7598da8
registers.esp: 1630848
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631220
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f 00 10 3c 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lldt word ptr [eax]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x7598dcb
registers.esp: 1630844
registers.edi: 1631220
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631220
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 8e e4 51 58 70 b9 1c e6 b0 b6 6d 0b 8a fb 59
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x7598df3
registers.esp: 1630844
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631220
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 00 37 09 49 e0 57 6f c1 e8 e8 d8 99 a0 c8 8b
exception.instruction: mov dword ptr [eax], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7598e39
registers.esp: 1630836
registers.edi: 215268
registers.eax: 54812
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631220
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f c7 33 78 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmptrld qword ptr [ebx]
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x7598e64
registers.esp: 1630840
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631220
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f 00 12 60 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lldt word ptr [edx]
exception.exception_code: 0xc0000096
exception.symbol:
exception.address: 0x7598e91
registers.esp: 1630840
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631220
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 77 0d 96 c7 20 a6 46 56 51 78 ce 32 e3 6e be db
exception.instruction: ja 0x7598f18
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x7598f09
registers.esp: 1630832
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1630828
registers.esi: 256
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f 01 18 77 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lidt ptr [eax]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7598f5a
registers.esp: 1630840
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631220
registers.esi: 3438529495
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc d4 73 a8 3c 74 43 3c 7e d4 a0 b5 a5 5e b4 84
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x7598f7c
registers.esp: 1630840
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631220
registers.esi: 3438529495
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 02 06 86 f8 47 3c dd 59 b1 3c 0b 8f b3 33 b9
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x7598fa0
registers.esp: 1630840
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631220
registers.esi: 2073325798
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 09 bb 39 be 13 78 6c d9 2e 4f 9f 05 06 ef e2
exception.instruction: mov dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7598ff3
registers.esp: 1630836
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631220
registers.esi: 4
registers.ecx: 17780
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc fa 27 4f ab 56 5a f0 d3 5f 30 63 b0 a2 87 8f
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x759902b
registers.esp: 1630840
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631224
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 6a 12 ad e4 27 69 23 58 cb 67 01 6d 6a ba d4
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x7599063
registers.esp: 1630836
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1631224
registers.ebx: 1631224
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f 01 c4 ed 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: vmxoff
exception.exception_code: 0xc000001d
exception.symbol:
exception.address: 0x7599086
registers.esp: 1630836
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631224
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 9b ce 59 d3 04 76 72 e5 64 af 5c 0b 70 73 e6
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x75990ac
registers.esp: 1630836
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631224
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc f6 6f 0d 4c bc e4 ee d8 6b e3 e0 f0 9c 6e bc
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x75990d7
registers.esp: 1630832
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631224
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 16 34 0d 9e c1 0e a0 c0 a9 67 93 15 9f 33 c1
exception.instruction: mov dword ptr [esi], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7599111
registers.esp: 1630828
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631224
registers.esi: 22383
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 0f 01 1b 25 00 00 00 00 00 00 00 00 00 00 00 00
exception.instruction: lidt ptr [ebx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7599147
registers.esp: 1630832
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631224
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc f0 98 3a 31 50 7b 8a 6e 76 4f 5d 55 21 a1 3f
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x759917d
registers.esp: 1630832
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631224
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 89 12 10 66 59 f2 1d 65 49 15 b9 b0 7c 85 a9 c2
exception.instruction: mov dword ptr [edx], edx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x75991c6
registers.esp: 1630828
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 32025
registers.ebx: 1631224
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: cc 37 2a 88 1c 91 5d d7 2d 70 5f 41 de d7 1c 5a
exception.instruction: int3
exception.exception_code: 0x80000003
exception.symbol:
exception.address: 0x75991f4
registers.esp: 1630828
registers.edi: 215268
registers.eax: 1995635376
registers.ebp: 1630896
registers.edx: 1995596250
registers.ebx: 1631224
registers.esi: 1995838602
registers.ecx: 182
1 0 0

__exception__

stacktrace:
DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa

exception.instruction_r: 74 1f aa 1f a7 32 6e 0d 22 23 ba 4e e1 83 9e 4c
exception.instruction: je 0x759927c
exception.exception_code: 0x80000004
exception.symbol:
exception.address: 0x759925b
registers.esp: 1630880
registers.edi: 215268
registers.eax: 1630876
registers.ebp: 1630896
registers.edx: 123199488
registers.ebx: 256
registers.esi: 1995838602
registers.ecx: 123203888
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73342000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x10004000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 91242496
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x033e0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\nsxEE0A.tmp\System.dll
file C:\ProgramData\hemidactylous\indbetalingerne.lnk
Time & API Arguments Status Return Repeated

__anomaly__

tid: 2556
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0