Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Dec. 11, 2023, 3:20 p.m.	Dec. 11, 2023, 3:24 p.m.

Size	1.3MB
Type	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
MD5	`7f5108b2158d537f11fd88886c1c047c`
SHA256	`da5406c85fcfa394d19d96f77a175539058119cbb86159ca57adcdf79d426ca8`
CRC32	`3D2D1270`
ssdeep	`24576:u04UC9QcZwrl1gRO8yka3kjUS26U0cGt2C+2O2vabq6QmKZCX:cLwwkjka0RNpPMys`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) hide_executable_file - Hide executable file UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Nnyphhamc.exe "C:\Users\test22\AppData\Local\Temp\Nnyphhamc.exe"
1448

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
51.79.32.112	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Dec. 11, 2023, 3:20 p.m.			0	0
IsDebuggerPresent Dec. 11, 2023, 3:20 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (6 events)

Time & API	Arguments	Status	Return
CryptExportKey Dec. 11, 2023, 3:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00000000007c12c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Dec. 11, 2023, 3:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00000000007c12c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Dec. 11, 2023, 3:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00000000007c12c0 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Dec. 11, 2023, 3:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001af6f990 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Dec. 11, 2023, 3:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001af6f990 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Dec. 11, 2023, 3:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001af6f990 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Dec. 11, 2023, 3:20 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (50 out of 95 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 1835008 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000b90000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000cd0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef3c3b000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 1507328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002470000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002560000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef35a4000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 655360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e0a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e1c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93ebc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93ee6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93ec0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f31000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e0b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e1d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e1e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f33000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f34000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e2b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e1a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e5c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e2d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f35000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f36000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93e02000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f37000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f38000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f39000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 1448 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe93f3a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0014a400', u'virtual_address': u'0x00002000', u'entropy': 7.387073863303804, u'name': u'.text', u'virtual_size': u'0x0014a2e0'}

entropy

7.3870738633

description

A section with a high entropy has been found

entropy

0.998865784499

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Dec. 11, 2023, 3:20 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Communicates with host for which no DNS query was performed (1 event)

host

51.79.32.112

Allocates execute permission to another process indicative of possible code injection (10 events)

Time & API	Arguments	Return
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2324 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000000000024c	-1073741800
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2360 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000250	-1073741800
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2396 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000258	-1073741800
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2436 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000260	-1073741800
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2480 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000268	-1073741800
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2532 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000270	-1073741800
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2572 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000278	-1073741800
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2620 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000280	-1073741800
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2656 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000288	-1073741800
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2692 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000290	-1073741800

Manipulates memory of a non-child process indicative of process injection (30 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 1448 manipulating memory of non-child process 2324
Process injection	Process 1448 manipulating memory of non-child process 2360
Process injection	Process 1448 manipulating memory of non-child process 2396
Process injection	Process 1448 manipulating memory of non-child process 2436
Process injection	Process 1448 manipulating memory of non-child process 2480
Process injection	Process 1448 manipulating memory of non-child process 2532
Process injection	Process 1448 manipulating memory of non-child process 2572
Process injection	Process 1448 manipulating memory of non-child process 2620
Process injection	Process 1448 manipulating memory of non-child process 2656
Process injection	Process 1448 manipulating memory of non-child process 2692
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 2265088 process_identifier: 2324 process_handle: 0x000000000000024c	-1073741799	0
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2324 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000000000024c	-1073741800	0
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 2461696 process_identifier: 2360 process_handle: 0x0000000000000250	-1073741799	0
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2360 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000250	-1073741800	0
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 3051520 process_identifier: 2396 process_handle: 0x0000000000000258	-1073741799	0
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2396 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000258	-1073741800	0
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 3313664 process_identifier: 2436 process_handle: 0x0000000000000260	-1073741799	0
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2436 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000260	-1073741800	0
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 2461696 process_identifier: 2480 process_handle: 0x0000000000000268	-1073741799	0
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2480 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000268	-1073741800	0
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 2134016 process_identifier: 2532 process_handle: 0x0000000000000270	-1073741799	0
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2532 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000270	-1073741800	0
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 3379200 process_identifier: 2572 process_handle: 0x0000000000000278	-1073741799	0
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2572 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000278	-1073741800	0
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 3510272 process_identifier: 2620 process_handle: 0x0000000000000280	-1073741799	0
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2620 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000280	-1073741800	0
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 2527232 process_identifier: 2656 process_handle: 0x0000000000000288	-1073741799	0
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2656 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000288	-1073741800	0
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 2985984 process_identifier: 2692 process_handle: 0x0000000000000290	-1073741799	0
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2692 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000290	-1073741800	0

Executed a process and injected code into it, probably while unpacking (44 events)

Time & API	Arguments	Status	Return
NtResumeThread Dec. 11, 2023, 3:20 p.m.	thread_handle: 0x00000000000000c4 suspend_count: 1 process_identifier: 1448	1	0
NtResumeThread Dec. 11, 2023, 3:20 p.m.	thread_handle: 0x0000000000000138 suspend_count: 1 process_identifier: 1448	1	0
NtResumeThread Dec. 11, 2023, 3:20 p.m.	thread_handle: 0x0000000000000178 suspend_count: 1 process_identifier: 1448	1	0
NtResumeThread Dec. 11, 2023, 3:20 p.m.	thread_handle: 0x0000000000000220 suspend_count: 1 process_identifier: 1448	1	0
CreateProcessInternalW Dec. 11, 2023, 3:20 p.m.	thread_identifier: 2328 thread_handle: 0x0000000000000248 process_identifier: 2324 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Nnyphhamc.exe filepath_r: stack_pivoted: 0 creation_flags: 12 (CREATE_SUSPENDED\|DETACHED_PROCESS) inherit_handles: 1 process_handle: 0x000000000000024c	1	1
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 2265088 process_identifier: 2324 process_handle: 0x000000000000024c		-1073741799
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2324 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000000000024c		-1073741800
WriteProcessMemory Dec. 11, 2023, 3:20 p.m.	buffer: base_address: 0x0000000000400000 process_identifier: 2324 process_handle: 0x000000000000024c		0
CreateProcessInternalW Dec. 11, 2023, 3:20 p.m.	thread_identifier: 2364 thread_handle: 0x0000000000000254 process_identifier: 2360 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Nnyphhamc.exe filepath_r: stack_pivoted: 0 creation_flags: 12 (CREATE_SUSPENDED\|DETACHED_PROCESS) inherit_handles: 1 process_handle: 0x0000000000000250	1	1
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 2461696 process_identifier: 2360 process_handle: 0x0000000000000250		-1073741799
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2360 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000250		-1073741800
WriteProcessMemory Dec. 11, 2023, 3:20 p.m.	buffer: base_address: 0x0000000000400000 process_identifier: 2360 process_handle: 0x0000000000000250		0
CreateProcessInternalW Dec. 11, 2023, 3:20 p.m.	thread_identifier: 2400 thread_handle: 0x000000000000025c process_identifier: 2396 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Nnyphhamc.exe filepath_r: stack_pivoted: 0 creation_flags: 12 (CREATE_SUSPENDED\|DETACHED_PROCESS) inherit_handles: 1 process_handle: 0x0000000000000258	1	1
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 3051520 process_identifier: 2396 process_handle: 0x0000000000000258		-1073741799
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2396 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000258		-1073741800
WriteProcessMemory Dec. 11, 2023, 3:20 p.m.	buffer: base_address: 0x0000000000400000 process_identifier: 2396 process_handle: 0x0000000000000258		0
CreateProcessInternalW Dec. 11, 2023, 3:20 p.m.	thread_identifier: 2440 thread_handle: 0x0000000000000264 process_identifier: 2436 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Nnyphhamc.exe filepath_r: stack_pivoted: 0 creation_flags: 12 (CREATE_SUSPENDED\|DETACHED_PROCESS) inherit_handles: 1 process_handle: 0x0000000000000260	1	1
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 3313664 process_identifier: 2436 process_handle: 0x0000000000000260		-1073741799
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2436 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000260		-1073741800
WriteProcessMemory Dec. 11, 2023, 3:20 p.m.	buffer: base_address: 0x0000000000400000 process_identifier: 2436 process_handle: 0x0000000000000260		0
CreateProcessInternalW Dec. 11, 2023, 3:20 p.m.	thread_identifier: 2484 thread_handle: 0x000000000000026c process_identifier: 2480 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Nnyphhamc.exe filepath_r: stack_pivoted: 0 creation_flags: 12 (CREATE_SUSPENDED\|DETACHED_PROCESS) inherit_handles: 1 process_handle: 0x0000000000000268	1	1
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 2461696 process_identifier: 2480 process_handle: 0x0000000000000268		-1073741799
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2480 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000268		-1073741800
WriteProcessMemory Dec. 11, 2023, 3:20 p.m.	buffer: base_address: 0x0000000000400000 process_identifier: 2480 process_handle: 0x0000000000000268		0
CreateProcessInternalW Dec. 11, 2023, 3:20 p.m.	thread_identifier: 2536 thread_handle: 0x0000000000000274 process_identifier: 2532 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Nnyphhamc.exe filepath_r: stack_pivoted: 0 creation_flags: 12 (CREATE_SUSPENDED\|DETACHED_PROCESS) inherit_handles: 1 process_handle: 0x0000000000000270	1	1
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 2134016 process_identifier: 2532 process_handle: 0x0000000000000270		-1073741799
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2532 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000270		-1073741800
WriteProcessMemory Dec. 11, 2023, 3:20 p.m.	buffer: base_address: 0x0000000000400000 process_identifier: 2532 process_handle: 0x0000000000000270		0
CreateProcessInternalW Dec. 11, 2023, 3:20 p.m.	thread_identifier: 2576 thread_handle: 0x000000000000027c process_identifier: 2572 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Nnyphhamc.exe filepath_r: stack_pivoted: 0 creation_flags: 12 (CREATE_SUSPENDED\|DETACHED_PROCESS) inherit_handles: 1 process_handle: 0x0000000000000278	1	1
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 3379200 process_identifier: 2572 process_handle: 0x0000000000000278		-1073741799
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2572 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000278		-1073741800
WriteProcessMemory Dec. 11, 2023, 3:20 p.m.	buffer: base_address: 0x0000000000400000 process_identifier: 2572 process_handle: 0x0000000000000278		0
CreateProcessInternalW Dec. 11, 2023, 3:20 p.m.	thread_identifier: 2624 thread_handle: 0x0000000000000284 process_identifier: 2620 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Nnyphhamc.exe filepath_r: stack_pivoted: 0 creation_flags: 12 (CREATE_SUSPENDED\|DETACHED_PROCESS) inherit_handles: 1 process_handle: 0x0000000000000280	1	1
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 3510272 process_identifier: 2620 process_handle: 0x0000000000000280		-1073741799
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2620 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000280		-1073741800
WriteProcessMemory Dec. 11, 2023, 3:20 p.m.	buffer: base_address: 0x0000000000400000 process_identifier: 2620 process_handle: 0x0000000000000280		0
CreateProcessInternalW Dec. 11, 2023, 3:20 p.m.	thread_identifier: 2660 thread_handle: 0x000000000000028c process_identifier: 2656 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Nnyphhamc.exe filepath_r: stack_pivoted: 0 creation_flags: 12 (CREATE_SUSPENDED\|DETACHED_PROCESS) inherit_handles: 1 process_handle: 0x0000000000000288	1	1
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 2527232 process_identifier: 2656 process_handle: 0x0000000000000288		-1073741799
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2656 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000288		-1073741800
WriteProcessMemory Dec. 11, 2023, 3:20 p.m.	buffer: base_address: 0x0000000000400000 process_identifier: 2656 process_handle: 0x0000000000000288		0
CreateProcessInternalW Dec. 11, 2023, 3:20 p.m.	thread_identifier: 2696 thread_handle: 0x0000000000000294 process_identifier: 2692 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Nnyphhamc.exe filepath_r: stack_pivoted: 0 creation_flags: 12 (CREATE_SUSPENDED\|DETACHED_PROCESS) inherit_handles: 1 process_handle: 0x0000000000000290	1	1
NtUnmapViewOfSection Dec. 11, 2023, 3:20 p.m.	base_address: 0x0000000000400000 region_size: 2985984 process_identifier: 2692 process_handle: 0x0000000000000290		-1073741799
NtAllocateVirtualMemory Dec. 11, 2023, 3:20 p.m.	process_identifier: 2692 region_size: 696320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000290		-1073741800
WriteProcessMemory Dec. 11, 2023, 3:20 p.m.	buffer: base_address: 0x0000000000400000 process_identifier: 2692 process_handle: 0x0000000000000290		0

File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)

Bkav	W64.AIDetectMalware.CS
Lionic	Trojan.Win32.Seraph.a!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.MSILHeracles.129153
Skyhigh	BehavesLike.Win64.Generic.tc
Malwarebytes	Generic.Malware/Suspicious
Sangfor	Downloader.Msil.Seraph.V93y
Alibaba	TrojanDownloader:MSIL/Seraph.55474c29
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of MSIL/GenKryptik.GQZZ
ClamAV	Win.Trojan.EmbeddedDotNetBinary-9940868-0
Kaspersky	HEUR:Trojan-Downloader.MSIL.Seraph.gen
BitDefender	Gen:Variant.MSILHeracles.129153
Avast	Win64:PWSX-gen [Trj]
Tencent	Malware.Win32.Gencirc.13f96aa9
Ad-Aware	Gen:Variant.MSILHeracles.129153
Emsisoft	Gen:Variant.MSILHeracles.129153 (B)
F-Secure	Heuristic.HEUR/AGEN.1325431
DrWeb	Trojan.Inject4.30942
VIPRE	Gen:Variant.MSILHeracles.129153
TrendMicro	Trojan.Win64.SMOKELOADER.YXDLIZ
FireEye	Gen:Variant.MSILHeracles.129153
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
MAX	malware (ai score=80)
Google	Detected
Avira	HEUR/AGEN.1325431
Varist	W64/MSIL_Kryptik.KGB.gen!Eldorado
Kingsoft	MSIL.Trojan-Downloader.Seraph.gen
Microsoft	Trojan:Win32/Znyonm
Gridinsoft	Ransom.Win64.Wacatac.sa
Arcabit	Trojan.MSILHeracles.D1F881
ZoneAlarm	HEUR:Trojan-Downloader.MSIL.Seraph.gen
GData	Win64.Trojan.Agent.0H9BB8
Cynet	Malicious (score: 100)
AhnLab-V3	Malware/Win.Generic.C5561116
ALYac	Gen:Variant.MSILHeracles.129153
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win64.SMOKELOADER.YXDLIZ
Ikarus	Trojan.MSIL.Inject
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/GenKryptik.GQYL!tr
AVG	Win64:PWSX-gen [Trj]
DeepInstinct	MALICIOUS

Nnyphhamc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All