Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 11, 2023, 10:55 a.m.	Oct. 11, 2023, 10:57 a.m.

Size	959.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`40a0594721777a253cd4481267194ff9`
SHA256	`083ebd4988019f0a9d946f19c96206a799b9d5a522948b32ba3561096ad45c93`
CRC32	`5A2499F5`
ssdeep	`24576:6pqjrStqYATp4ULBA3P25UCrcs6gjgyp/5gCl5DfHq3:ljrTVTpZBpv//p/5gqlq`
Yara	Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description)

REQUEST FOR OFFER.exe "C:\Users\test22\AppData\Local\Temp\REQUEST FOR OFFER.exe"
2536

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 11, 2023, 10:55 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 1e e2 aa 59 48 4a 87 9e a4 3e 3a 34 60 30 cb exception.instruction: mov dword ptr [esi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x42fabfa registers.esp: 65140584 registers.edi: 157200 registers.eax: 5831336 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 19900 registers.ecx: 70233021	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc ea 46 a7 ca 9d 45 fb f4 77 3c 61 75 9b bb 10 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x42fac20 registers.esp: 65140588 registers.edi: 157200 registers.eax: 5831336 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 70233021	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 66 0f c7 33 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: vmclear qword ptr [ebx] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x430c14a registers.esp: 65140548 registers.edi: 157200 registers.eax: 5831336 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 70233021	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 01 1b 6e 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: lidt ptr [ebx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x430c175 registers.esp: 65140548 registers.edi: 157200 registers.eax: 5831336 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 70233021	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 71 18 ca 69 73 ea 40 6b 02 f1 93 98 dc 0c 7f 23 exception.instruction: jno 0x430c1e8 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c1ce registers.esp: 65140540 registers.edi: 157200 registers.eax: 256 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 65140536 registers.ecx: 70233021	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 66 0f c7 31 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: vmclear qword ptr [ecx] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x430c217 registers.esp: 65140540 registers.edi: 157200 registers.eax: 5831336 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 70233021	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 07 3f d1 43 be 3c 91 9c 79 92 4a 26 32 99 21 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x430c29e registers.esp: 65140536 registers.edi: 6256 registers.eax: 1995635376 registers.ebp: 65140592 registers.edx: 1995596250 registers.ebx: 2256842837 registers.esi: 1995838602 registers.ecx: 12	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 00 17 84 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: lldt word ptr [edi] exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0x430c2e7 registers.esp: 65140552 registers.edi: 157200 registers.eax: 1995635376 registers.ebp: 65140592 registers.edx: 3821734951 registers.ebx: 2256842837 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc b9 57 41 fd 9e d4 a1 8b 6b da 6b 73 47 b4 2e exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c321 registers.esp: 65140552 registers.edi: 157200 registers.eax: 1995635376 registers.ebp: 65140592 registers.edx: 4 registers.ebx: 2256842837 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc 6b f2 81 4b ea 3c 88 46 33 0a a4 22 96 1d 86 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c352 registers.esp: 65140552 registers.edi: 157200 registers.eax: 1995635376 registers.ebp: 65140592 registers.edx: 4 registers.ebx: 2256842837 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 01 19 0a 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: lidt ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x430c381 registers.esp: 65140548 registers.edi: 157200 registers.eax: 1995635376 registers.ebp: 65140592 registers.edx: 1995596250 registers.ebx: 2256842837 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc 85 a6 11 c5 5c 84 19 29 df 2a 72 72 19 77 56 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c3b3 registers.esp: 65140548 registers.edi: 157200 registers.eax: 1995635376 registers.ebp: 65140592 registers.edx: 1995596250 registers.ebx: 2256842837 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 00 da c9 0b b3 8a e1 3f f4 54 2d 77 6d 9c 10 exception.instruction: mov dword ptr [eax], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x430c40a registers.esp: 65140544 registers.edi: 157200 registers.eax: 8820 registers.ebp: 65140592 registers.edx: 1995596250 registers.ebx: 12288 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7a 24 62 af 59 f8 fd d9 e8 97 f5 df a9 8d 51 58 exception.instruction: jp 0x430c51b exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c4f5 registers.esp: 65140528 registers.edi: 157200 registers.eax: 256 registers.ebp: 65140592 registers.edx: 1995596250 registers.ebx: 65140916 registers.esi: 1995838602 registers.ecx: 65140524	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f c7 39 97 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: vmptrst qword ptr [ecx] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x430c548 registers.esp: 65140532 registers.edi: 157200 registers.eax: 1995635376 registers.ebp: 65140592 registers.edx: 1995596250 registers.ebx: 65140920 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 71 12 0c b0 fb 15 3b 64 08 1b 99 cc 24 af 6b ea exception.instruction: jno 0x430c5ad exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c599 registers.esp: 65140524 registers.edi: 65140520 registers.eax: 1995635376 registers.ebp: 65140592 registers.edx: 1995596250 registers.ebx: 256 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f c7 30 4e 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: vmptrld qword ptr [eax] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x430c5d7 registers.esp: 65140532 registers.edi: 157200 registers.eax: 1995635376 registers.ebp: 65140592 registers.edx: 1995596250 registers.ebx: 65140920 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc 20 c3 cf db ba e7 9e d9 d4 c7 d6 45 85 b6 ff exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c614 registers.esp: 65140532 registers.edi: 157200 registers.eax: 1995635376 registers.ebp: 65140592 registers.edx: 1995596250 registers.ebx: 65140920 registers.esi: 4294967295 registers.ecx: 182	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 00 00 a3 7b f9 a5 60 7e ec b5 47 ad da 34 db exception.instruction: mov dword ptr [eax], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x430c666 registers.esp: 65140580 registers.edi: 157200 registers.eax: 38103 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 70233021	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 1a c4 59 81 0e d4 e6 dc 1e 62 d2 30 c5 5b 01 exception.instruction: mov dword ptr [edx], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x430c6c5 registers.esp: 65140580 registers.edi: 157200 registers.eax: 1753876762 registers.ebp: 65140592 registers.edx: 29608 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 70233021	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc bb de 0b 63 71 30 f2 24 86 3c 99 19 3f f2 09 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c6ff registers.esp: 65140584 registers.edi: 157200 registers.eax: 0 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 70233021	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 11 f8 fd c7 8b 2f 25 07 a0 23 48 c8 e6 bd 0b exception.instruction: mov dword ptr [ecx], edx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x430c748 registers.esp: 65140580 registers.edi: 157200 registers.eax: 0 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 70233021 registers.ecx: 13791	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 0e 0b fa 05 c8 00 74 e3 e2 d7 e5 a3 b9 28 c2 exception.instruction: mov dword ptr [esi], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x430c791 registers.esp: 65140576 registers.edi: 157200 registers.eax: 0 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 32332 registers.ecx: 70233021	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 76 08 c4 24 f2 cb 15 c2 91 06 d7 71 5e 17 3a a5 exception.instruction: jbe 0x430c845 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c83b registers.esp: 65140572 registers.edi: 157200 registers.eax: 4 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 65140568 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc bf f1 2c fd 54 c2 61 24 4f 30 ff a7 1f e1 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c87e registers.esp: 65140580 registers.edi: 157200 registers.eax: 4 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 76349444	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7f 03 7f e5 2b 06 b5 20 6b 9d 51 c5 b2 3c 12 db exception.instruction: jg 0x430c8f1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c8ec registers.esp: 65140572 registers.edi: 157200 registers.eax: 4 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 65140568 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 76 08 c4 24 f2 cb 15 c2 91 06 d7 71 5e 17 3a a5 exception.instruction: jbe 0x430c845 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c83b registers.esp: 65140572 registers.edi: 157200 registers.eax: 8 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 65140568 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc bf f1 2c fd 54 c2 61 24 4f 30 ff a7 1f e1 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c87e registers.esp: 65140580 registers.edi: 157200 registers.eax: 8 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 76349448	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7f 03 7f e5 2b 06 b5 20 6b 9d 51 c5 b2 3c 12 db exception.instruction: jg 0x430c8f1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c8ec registers.esp: 65140572 registers.edi: 157200 registers.eax: 8 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 65140568 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 76 08 c4 24 f2 cb 15 c2 91 06 d7 71 5e 17 3a a5 exception.instruction: jbe 0x430c845 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c83b registers.esp: 65140572 registers.edi: 157200 registers.eax: 12 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 65140568 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc bf f1 2c fd 54 c2 61 24 4f 30 ff a7 1f e1 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c87e registers.esp: 65140580 registers.edi: 157200 registers.eax: 12 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 76349452	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7f 03 7f e5 2b 06 b5 20 6b 9d 51 c5 b2 3c 12 db exception.instruction: jg 0x430c8f1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c8ec registers.esp: 65140572 registers.edi: 157200 registers.eax: 12 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 65140568 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 76 08 c4 24 f2 cb 15 c2 91 06 d7 71 5e 17 3a a5 exception.instruction: jbe 0x430c845 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c83b registers.esp: 65140572 registers.edi: 157200 registers.eax: 16 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 65140568 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc bf f1 2c fd 54 c2 61 24 4f 30 ff a7 1f e1 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c87e registers.esp: 65140580 registers.edi: 157200 registers.eax: 16 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 76349456	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7f 03 7f e5 2b 06 b5 20 6b 9d 51 c5 b2 3c 12 db exception.instruction: jg 0x430c8f1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c8ec registers.esp: 65140572 registers.edi: 157200 registers.eax: 16 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 65140568 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 76 08 c4 24 f2 cb 15 c2 91 06 d7 71 5e 17 3a a5 exception.instruction: jbe 0x430c845 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c83b registers.esp: 65140572 registers.edi: 157200 registers.eax: 20 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 65140568 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc bf f1 2c fd 54 c2 61 24 4f 30 ff a7 1f e1 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c87e registers.esp: 65140580 registers.edi: 157200 registers.eax: 20 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 76349460	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7f 03 7f e5 2b 06 b5 20 6b 9d 51 c5 b2 3c 12 db exception.instruction: jg 0x430c8f1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c8ec registers.esp: 65140572 registers.edi: 157200 registers.eax: 20 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 65140568 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 76 08 c4 24 f2 cb 15 c2 91 06 d7 71 5e 17 3a a5 exception.instruction: jbe 0x430c845 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c83b registers.esp: 65140572 registers.edi: 157200 registers.eax: 24 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 65140568 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc bf f1 2c fd 54 c2 61 24 4f 30 ff a7 1f e1 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c87e registers.esp: 65140580 registers.edi: 157200 registers.eax: 24 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 76349464	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7f 03 7f e5 2b 06 b5 20 6b 9d 51 c5 b2 3c 12 db exception.instruction: jg 0x430c8f1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c8ec registers.esp: 65140572 registers.edi: 157200 registers.eax: 24 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 65140568 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 76 08 c4 24 f2 cb 15 c2 91 06 d7 71 5e 17 3a a5 exception.instruction: jbe 0x430c845 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c83b registers.esp: 65140572 registers.edi: 157200 registers.eax: 28 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 65140568 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc bf f1 2c fd 54 c2 61 24 4f 30 ff a7 1f e1 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c87e registers.esp: 65140580 registers.edi: 157200 registers.eax: 28 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 76349468	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7f 03 7f e5 2b 06 b5 20 6b 9d 51 c5 b2 3c 12 db exception.instruction: jg 0x430c8f1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c8ec registers.esp: 65140572 registers.edi: 157200 registers.eax: 28 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 65140568 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 76 08 c4 24 f2 cb 15 c2 91 06 d7 71 5e 17 3a a5 exception.instruction: jbe 0x430c845 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c83b registers.esp: 65140572 registers.edi: 157200 registers.eax: 32 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 65140568 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc bf f1 2c fd 54 c2 61 24 4f 30 ff a7 1f e1 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c87e registers.esp: 65140580 registers.edi: 157200 registers.eax: 32 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 76349472	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7f 03 7f e5 2b 06 b5 20 6b 9d 51 c5 b2 3c 12 db exception.instruction: jg 0x430c8f1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c8ec registers.esp: 65140572 registers.edi: 157200 registers.eax: 32 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 65140568 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 76 08 c4 24 f2 cb 15 c2 91 06 d7 71 5e 17 3a a5 exception.instruction: jbe 0x430c845 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c83b registers.esp: 65140572 registers.edi: 157200 registers.eax: 36 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 65140568 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc bf f1 2c fd 54 c2 61 24 4f 30 ff a7 1f e1 c0 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x430c87e registers.esp: 65140580 registers.edi: 157200 registers.eax: 36 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 1995838602 registers.ecx: 76349476	1
__exception__ Oct. 11, 2023, 10:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7f 03 7f e5 2b 06 b5 20 6b 9d 51 c5 b2 3c 12 db exception.instruction: jg 0x430c8f1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x430c8ec registers.esp: 65140572 registers.edi: 157200 registers.eax: 36 registers.ebp: 65140592 registers.edx: 70230016 registers.ebx: 70230016 registers.esi: 65140568 registers.ecx: 256	1

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 11, 2023, 10:55 a.m.	process_identifier: 2536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73272000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 11, 2023, 10:55 a.m.	process_identifier: 2536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc4000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 11, 2023, 10:55 a.m.	process_identifier: 2536 region_size: 10727424 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03e90000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\nswF415.tmp\System.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nswF415.tmp\System.dll

File has been identified by 7 AntiVirus engines on VirusTotal as malicious (7 events)

Bkav	W32.AIDetectMalware
Elastic	malicious (high confidence)
Kaspersky	UDS:Backdoor.Win32.Androm.gen
Kingsoft	malware.kb.a.835
ZoneAlarm	UDS:Backdoor.Win32.Androm.gen
Microsoft	Trojan:Win32/Wacatac.B!ml
Cylance	unsafe

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Oct. 11, 2023, 10:56 a.m.	tid: 2636 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

REQUEST FOR OFFER.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All