Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 16, 2024, 7:55 a.m.	Jan. 16, 2024, 8:10 a.m.

Size	718.4KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`784559c7325bfc51b99ef299c4279d10`
SHA256	`8edf819407d74e9d1e0bbfa4f77d4266f358f67290c28f64295cff2ba74336d5`
CRC32	`81633D1E`
ssdeep	`12288:zbSWze9hhCZUIcyR4tBEuemgIkOo7ZjqxE7iMK7x/n5HbbvC1pAFofnA9zEGG9QJ:zbSWshgCIcLVem7kOo7tq4a/n1C1qFoc`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature NSIS_Installer - Null Soft Installer UPX_Zero - UPX packed file

bin.exe "C:\Users\test22\AppData\Local\Temp\bin.exe"
2544

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Jan. 16, 2024, 7:55 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65536 events)

Time & API	Arguments	Status
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 01 12 77 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: lgdt ptr [edx] exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0x408ac43 registers.esp: 58324248 registers.edi: 229808 registers.eax: 5765640 registers.ebp: 58324248 registers.edx: 67674112 registers.ebx: 67674112 registers.esi: 1995838602 registers.ecx: 67677176	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7d 18 1e 55 b1 b3 8f 20 08 3b 83 ef 9c e3 ad ee exception.instruction: jge 0x408acaf exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x408ac95 registers.esp: 58324240 registers.edi: 229808 registers.eax: 490743722 registers.ebp: 58324248 registers.edx: 67674112 registers.ebx: 58324236 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7b 18 b3 24 d4 77 77 10 d7 7a 15 d2 18 c2 6f 29 exception.instruction: jnp 0x408ad0b exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x408acf1 registers.esp: 58324240 registers.edi: 256 registers.eax: 58324236 registers.ebp: 58324248 registers.edx: 67674112 registers.ebx: 67674112 registers.esi: 1995838602 registers.ecx: 67677176	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 78 16 61 94 db d7 1b 17 9b 2c 80 07 00 cf be 0c exception.instruction: js 0x408ad55 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x408ad3d registers.esp: 58324240 registers.edi: 229808 registers.eax: 1756870239 registers.ebp: 58324248 registers.edx: 67674112 registers.ebx: 67674112 registers.esi: 256 registers.ecx: 58324236	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 33 a0 ec 35 79 6a b8 aa 18 26 43 98 b1 9c ee exception.instruction: mov dword ptr [ebx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x408ad8f registers.esp: 58324240 registers.edi: 229808 registers.eax: 8192 registers.ebp: 58324248 registers.edx: 67674112 registers.ebx: 48237 registers.esi: 1995838602 registers.ecx: 67677176	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 31 fa 80 94 6e 11 61 c4 4c 5a 37 ba 71 44 1c exception.instruction: mov dword ptr [ecx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a73ca registers.esp: 58324236 registers.edi: 229808 registers.eax: 5765640 registers.ebp: 58324248 registers.edx: 67674112 registers.ebx: 67674112 registers.esi: 1995838602 registers.ecx: 39015	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc 43 72 25 5a 3a e9 1b 5a 95 50 df eb 11 68 f2 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x40a73e8 registers.esp: 58324204 registers.edi: 229808 registers.eax: 5765640 registers.ebp: 58324248 registers.edx: 67674112 registers.ebx: 67674112 registers.esi: 1995838602 registers.ecx: 67677176	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 01 c2 71 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: vmlaunch exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x40a740a registers.esp: 58324204 registers.edi: 229808 registers.eax: 5765640 registers.ebp: 58324248 registers.edx: 67674112 registers.ebx: 67674112 registers.esi: 1995838602 registers.ecx: 67677176	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 01 18 8d 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: lidt ptr [eax] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7446 registers.esp: 58324204 registers.edi: 229808 registers.eax: 5765640 registers.ebp: 58324248 registers.edx: 67674112 registers.ebx: 67674112 registers.esi: 1995838602 registers.ecx: 67677176	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 00 a7 5f c3 dd ca 43 29 cb b1 cd e0 34 ff 75 exception.instruction: mov dword ptr [eax], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7485 registers.esp: 58324196 registers.edi: 229808 registers.eax: 24635 registers.ebp: 58324248 registers.edx: 67674112 registers.ebx: 67674112 registers.esi: 1995838602 registers.ecx: 67677176	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7c 0b 80 77 ac f5 50 18 1f 43 31 87 d2 4e bb db exception.instruction: jl 0x40a74eb exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x40a74de registers.esp: 58324192 registers.edi: 229808 registers.eax: 5765640 registers.ebp: 58324248 registers.edx: 67674112 registers.ebx: 256 registers.esi: 58324188 registers.ecx: 67677176	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 3e f1 25 76 e1 2e 0a 8b 41 ee dd be 30 8e 79 exception.instruction: mov dword ptr [esi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7548 registers.esp: 58324192 registers.edi: 229808 registers.eax: 5765640 registers.ebp: 58324248 registers.edx: 67674112 registers.ebx: 67674112 registers.esi: 52631 registers.ecx: 67677176	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc 05 f5 61 bb 5e c1 27 7a 30 c0 6d f8 bb c0 79 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x40a757a registers.esp: 58324196 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 3729242997 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7b 20 86 8d 70 dc 56 ac 36 8c 4f ad 36 03 85 f8 exception.instruction: jnp 0x40a75dc exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x40a75ba registers.esp: 58324188 registers.edi: 58324184 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 3729242997 registers.esi: 256 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc 12 a1 ed a9 e7 8d 20 e6 e0 76 4f b9 1c 6d 13 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x40a75fa registers.esp: 58324196 registers.edi: 1207982873 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 3729242997 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 3b 46 7d 27 a4 d0 f6 62 5c 67 39 a3 40 87 dc exception.instruction: mov dword ptr [ebx], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7635 registers.esp: 58324204 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 46293 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 02 aa 26 1c a7 81 78 45 e2 65 d3 69 03 58 d4 exception.instruction: mov dword ptr [edx], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7688 registers.esp: 58324204 registers.edi: 2186613104 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 24378 registers.ebx: 3729242997 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc af 73 31 03 a5 df 97 98 05 07 92 a8 45 36 8b exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x40a76b8 registers.esp: 58324204 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 3729242997 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 08 f5 a2 86 e2 d2 73 3a f5 21 6d b8 4d ea 82 exception.instruction: mov dword ptr [eax], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a76f7 registers.esp: 58324200 registers.edi: 229808 registers.eax: 44727 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 3729242997 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc 03 60 f7 9e 68 ed b3 2d d3 ca 36 1f 49 7a 33 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x40a7730 registers.esp: 58324200 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 3729242997 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 31 cd 33 1b c2 4f 2f b8 ff 06 73 35 3b 83 3b exception.instruction: mov dword ptr [ecx], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7773 registers.esp: 58324196 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 3729242997 registers.esi: 1995838602 registers.ecx: 42218	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 00 da ec 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: ltr dx exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0x40a7791 registers.esp: 58324200 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324248 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc 40 a9 7c 6c 59 42 e1 fe e7 d2 86 7c 4b 2f 2e exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x40a77af registers.esp: 58324200 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 3501302534 registers.ebx: 58324248 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 75 19 43 b2 28 c2 f1 ff 6a ee 36 5c d8 8c 97 2c exception.instruction: jne 0x40a7823 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x40a7808 registers.esp: 58324192 registers.edi: 256 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 58324188 registers.ebx: 58324572 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 73 17 9e 7e 56 10 fb be 2f 68 d4 22 f7 d3 03 e2 exception.instruction: jae 0x40a786f exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x40a7856 registers.esp: 58324192 registers.edi: 256 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 1995838602 registers.ecx: 58324188	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7c 1f 01 e2 40 de fb c3 c2 cc f3 81 1d 95 92 cd exception.instruction: jl 0x40a78e1 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x40a78c0 registers.esp: 58324188 registers.edi: 256 registers.eax: 58324572 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 1995838602 registers.ecx: 58324184	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 01 1f 93 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: lidt ptr [edi] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a78f1 registers.esp: 58324196 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc 42 9c 37 19 52 96 ed fd 76 48 69 a0 13 6b d9 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x40a7968 registers.esp: 58324196 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 74 02 a1 d1 0a 31 6b bc 79 74 59 6c 7f dc 2c c1 exception.instruction: je 0x40a79cd exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x40a79c9 registers.esp: 58324188 registers.edi: 256 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 58324184 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 30 a4 04 ec 0d 7d b1 08 74 7c 32 1d 92 f4 5a exception.instruction: mov dword ptr [eax], esi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7a18 registers.esp: 58324192 registers.edi: 1984150902 registers.eax: 41210 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 01 c4 dc 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: vmxoff exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x40a7a3a registers.esp: 58324196 registers.edi: 1984150902 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 01 f0 1f 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: lmsw ax exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0x40a7a6b registers.esp: 58324196 registers.edi: 2044203374 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7b 11 4d 80 18 bd 2f 7e 65 d0 6d c4 07 b7 2d 7a exception.instruction: jnp 0x40a7ac2 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x40a7aaf registers.esp: 58324188 registers.edi: 2044203374 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 58324184 registers.ebx: 58324572 registers.esi: 1995838602 registers.ecx: 256	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7a 0a 2c c4 bc 23 de 7f 85 31 68 c4 05 db f9 55 exception.instruction: jp 0x40a7b13 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x40a7b07 registers.esp: 58324184 registers.edi: 256 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 1995838602 registers.ecx: 58324180	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 1e 87 ba ac cb 79 75 55 22 6c b5 5f 9d 5b 49 exception.instruction: mov dword ptr [esi], ebx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7b6c registers.esp: 58324188 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 9314 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 00 05 1c 00 33 1c 74 6b a1 22 8c b7 ea 8b af exception.instruction: mov dword ptr [eax], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7bbd registers.esp: 58324188 registers.edi: 229808 registers.eax: 1894 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 76 16 a3 ae c5 14 b0 39 a6 f5 50 27 5c 01 08 6d exception.instruction: jbe 0x40a7c29 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x40a7c11 registers.esp: 58324184 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 58324180 registers.ebx: 256 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f c7 3b b0 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: vmptrst qword ptr [ebx] exception.exception_code: 0xc000001d exception.symbol: exception.address: 0x40a7c3e registers.esp: 58324192 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 78 27 13 6e c7 ac 6d b9 96 a5 51 2c d8 29 f6 78 exception.instruction: js 0x40a7ca3 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x40a7c7a registers.esp: 58324184 registers.edi: 229808 registers.eax: 256 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 58324180 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 07 e1 41 96 89 a0 c4 38 b4 b7 68 71 8b 51 02 exception.instruction: mov dword ptr [edi], eax exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7cd1 registers.esp: 58324188 registers.edi: 19222 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 4119834941 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 01 1f 6c 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: lidt ptr [edi] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7d0a registers.esp: 58324192 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324572 registers.esi: 4 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 74 11 d2 6c ab 7d 88 37 ed a8 a6 0b bb cf 7b 1e exception.instruction: je 0x40a7d58 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x40a7d45 registers.esp: 58324184 registers.edi: 229808 registers.eax: 58324180 registers.ebp: 58324248 registers.edx: 256 registers.ebx: 58324572 registers.esi: 4 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 09 97 ae c7 5f d8 0e 5c e1 8c 1c 56 a6 24 31 exception.instruction: mov dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7d92 registers.esp: 58324188 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324576 registers.esi: 1995838602 registers.ecx: 1719	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 7b 1c e3 40 71 a7 90 57 8b ba 5c b8 69 45 9c c9 exception.instruction: jnp 0x40a7df5 exception.exception_code: 0x80000004 exception.symbol: exception.address: 0x40a7dd7 registers.esp: 58324180 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 256 registers.esi: 58324176 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc 7d 09 4e 1a 44 f6 c3 31 7b 13 f1 74 b3 33 d2 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x40a7e11 registers.esp: 58324188 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324576 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 89 3f 7c a3 dd 16 ad f4 61 f5 34 88 eb 57 0b 06 exception.instruction: mov dword ptr [edi], edi exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7e57 registers.esp: 58324180 registers.edi: 24085 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324576 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: cc a3 3f 6a 3d 05 c8 fb 49 d8 b7 8a 66 43 16 66 exception.instruction: int3 exception.exception_code: 0x80000003 exception.symbol: exception.address: 0x40a7e8d registers.esp: 58324184 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324576 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 01 18 69 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: lidt ptr [eax] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40a7eb7 registers.esp: 58324184 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324576 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 00 d9 33 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: ltr cx exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0x40a7ee3 registers.esp: 58324180 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324576 registers.esi: 1995838602 registers.ecx: 182	1
__exception__ Jan. 16, 2024, 7:55 a.m.	stacktrace: DbgUserBreakPoint-0x10008 ntdll+0x0 @ 0x76f10000 GetWindow+0x1fc SendMessageW-0x20f user32+0x1946a @ 0x7585946a exception.instruction_r: 0f 01 12 14 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: lgdt ptr [edx] exception.exception_code: 0xc0000096 exception.symbol: exception.address: 0x40a7f10 registers.esp: 58324180 registers.edi: 229808 registers.eax: 1995635376 registers.ebp: 58324248 registers.edx: 1995596250 registers.ebx: 58324576 registers.esi: 1995838602 registers.ecx: 182	1

Allocates read-write-execute memory (usually to unpack itself) (4 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Jan. 16, 2024, 7:55 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732a2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 16, 2024, 7:55 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73925000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 16, 2024, 7:55 a.m.	process_identifier: 2544 region_size: 18718720 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x039c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 16, 2024, 7:55 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76f20000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\nstF34A.tmp\System.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\nstF34A.tmp\System.dll

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Jan. 16, 2024, 7:55 a.m.	tid: 2636 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

bin.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All