Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 30, 2024, 7:32 a.m.	April 30, 2024, 7:43 a.m.

Size	1.4MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`7e7eaa8aebc4026be3b56b965b0d8947`
SHA256	`aac11d3ff8661e14a6d7073e44f0d6ccabc436856af5faf10e761c57e8b42f71`
CRC32	`1BB92FB7`
ssdeep	`24576:qK8dbhH8s48SH3nc3zaBzz1pr+kAUXs8g/xEndP:qj5j/gXYWZz1gXU8rw`
PDB Path	C:\agent\_work\123\s\exe\x64\Release\procexp64.pdb
Yara	IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Admin_Tool_IN_Zero - Admin Tool Sysinternals Malicious_Packer_Zero - Malicious Packer Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

procexp64.exe "C:\Users\test22\AppData\Local\Temp\procexp64.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

C:\agent\_work\123\s\exe\x64\Release\procexp64.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 30, 2024, 7:32 a.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

BINRES

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ April 30, 2024, 7:32 a.m.	stacktrace: 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 0x743bf860 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x743bf860 registers.r14: 0 registers.r15: 393544 registers.rcx: 393544 registers.rsi: 1 registers.r10: 0 registers.rbx: 0 registers.rsp: 3009448 registers.r11: 0 registers.r8: 1 registers.r9: 0 registers.rdx: 32767 registers.r12: 0 registers.rbp: 7977232 registers.rdi: 0 registers.rax: 3009552 registers.r13: 32767	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

April 30, 2024, 7:32 a.m.

stacktrace:

0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860
0x743bf860

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x743bf860
registers.r14: 0
registers.r15: 393544
registers.rcx: 393544
registers.rsi: 1
registers.r10: 0
registers.rbx: 0
registers.rsp: 3009448
registers.r11: 0
registers.r8: 1
registers.r9: 0
registers.rdx: 32767
registers.r12: 0
registers.rbp: 7977232
registers.rdi: 0
registers.rax: 3009552
registers.r13: 32767

procexp64.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All