Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 9, 2024, 9:10 a.m.	June 9, 2024, 9:17 a.m.

Size	1.3MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3e9ba4168fb1c8e4a8a3a69c4968abb3`
SHA256	`9604ac38cf5bf34cc877112161a0186ce99f91ccbfc52edb1dd145d565eab50d`
CRC32	`7470ECC3`
ssdeep	`24576:oN1ZRQTJR1uOR070PMgyErZ2AkMfKKowQEBaWnBCqZFrU0W0RKLfwi3:UZRQTFn0QPMgVMMyKolEBaWntZFguMLN`
Yara	PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description)

sila.exe "C:\Users\test22\AppData\Local\Temp\sila.exe"
840
- schtasks.exe schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
  2500
- schtasks.exe schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
  2608

Name	Response	Post-Analysis Lookup
ipinfo.io	A 34.117.186.192	34.117.186.192
db-ip.com	A 104.26.5.15 A 104.26.4.15 A 172.67.75.166	172.67.75.166

IP Address	Status	Action
147.45.47.126	Active	Moloch
164.124.101.2	Active	Moloch
172.67.75.166	Active	Moloch
34.117.186.192	Active	Moloch
45.33.6.223	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 147.45.47.126:58709 -> 192.168.56.103:49165	2400022	ET DROP Spamhaus DROP Listed Traffic Inbound group 23	Misc Attack
TCP 192.168.56.103:49165 -> 147.45.47.126:58709	2049060	ET MALWARE RisePro TCP Heartbeat Packet	A Network Trojan was detected
TCP 192.168.56.103:49168 -> 172.67.75.166:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 147.45.47.126:58709 -> 192.168.56.103:49165	2046266	ET MALWARE [ANY.RUN] RisePro TCP (Token)	A Network Trojan was detected
TCP 192.168.56.103:49166 -> 34.117.186.192:443	2025331	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49166 -> 34.117.186.192:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49166 -> 34.117.186.192:443	2025331	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49165 -> 147.45.47.126:58709	2046269	ET MALWARE [ANY.RUN] RisePro TCP (Activity)	A Network Trojan was detected
TCP 192.168.56.103:49165 -> 147.45.47.126:58709	2046269	ET MALWARE [ANY.RUN] RisePro TCP (Activity)	A Network Trojan was detected
TCP 192.168.56.103:49165 -> 147.45.47.126:58709	2049060	ET MALWARE RisePro TCP Heartbeat Packet	A Network Trojan was detected
TCP 147.45.47.126:58709 -> 192.168.56.103:49165	2046267	ET MALWARE [ANY.RUN] RisePro TCP (External IP)	A Network Trojan was detected
TCP 192.168.56.103:49165 -> 147.45.47.126:58709	2049060	ET MALWARE RisePro TCP Heartbeat Packet	A Network Trojan was detected
TCP 192.168.56.103:49165 -> 147.45.47.126:58709	2046270	ET MALWARE [ANY.RUN] RisePro TCP (Exfiltration)	A Network Trojan was detected
TCP 192.168.56.103:49165 -> 147.45.47.126:58709	2049661	ET MALWARE RisePro CnC Activity (Inbound)	A Network Trojan was detected
TCP 192.168.56.103:49165 -> 147.45.47.126:58709	2049661	ET MALWARE RisePro CnC Activity (Inbound)	A Network Trojan was detected
TCP 192.168.56.103:49165 -> 147.45.47.126:58709	2046269	ET MALWARE [ANY.RUN] RisePro TCP (Activity)	A Network Trojan was detected
TCP 192.168.56.103:49166 -> 34.117.186.192:443	2025331	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)	Device Retrieving External IP Address Detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49168 172.67.75.166:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1P5	CN=db-ip.com	1f:af:15:cd:f8:f8:ee:30:f9:6e:6e:54:bc:9a:a7:c7:77:70:6d:25

Queries for the computername (4 events)

Time & API	Arguments	Status	Return
GetComputerNameA June 9, 2024, 9:10 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA June 9, 2024, 9:12 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 9, 2024, 9:15 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 9, 2024, 9:15 a.m.	computer_name: TEST22-PC	1	1

Command line console output was observed (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW June 9, 2024, 9:15 a.m.	buffer: SUCCESS: The scheduled task "MPGPH131 HR" has successfully been created. console_handle: 0x00000007	1	1	0
WriteConsoleW June 9, 2024, 9:15 a.m.	buffer: SUCCESS: The scheduled task "MPGPH131 LG" has successfully been created. console_handle: 0x00000007	1	1	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 9, 2024, 9:12 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section
section	.data\x00Th

One or more processes crashed (26 events)

Time & API	Arguments	Status
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e4fd9 @ 0x304fd9 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059804 registers.edi: 3133580 registers.eax: 0 registers.ebp: 8059832 registers.edx: 0 registers.ebx: 41431868 registers.esi: 5 registers.ecx: 41431868	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e4fd9 @ 0x304fd9 sila+0x2708dc @ 0x2908dc exception.instruction_r: 0f 0b e8 cd 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d204 exception.instruction: ud2 exception.module: sila.exe exception.exception_code: 0xc000001d exception.offset: 2413060 exception.address: 0x26d204 registers.esp: 8059804 registers.edi: 8059804 registers.eax: 0 registers.ebp: 8059832 registers.edx: 2 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8060012	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5203 @ 0x305203 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 3133580 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 4292571136 registers.esi: 1798144 registers.ecx: 1798144	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5203 @ 0x305203 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: 0f 0b e8 cd 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d204 exception.instruction: ud2 exception.module: sila.exe exception.exception_code: 0xc000001d exception.offset: 2413060 exception.address: 0x26d204 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 2 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5203 @ 0x305203 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 2544154 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5203 @ 0x305203 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: 0f 0b e8 cd 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d204 exception.instruction: ud2 exception.module: sila.exe exception.exception_code: 0xc000001d exception.offset: 2413060 exception.address: 0x26d204 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 2 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5203 @ 0x305203 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: 0f 0b e8 cd 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d204 exception.instruction: ud2 exception.module: sila.exe exception.exception_code: 0xc000001d exception.offset: 2413060 exception.address: 0x26d204 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 2 registers.ebx: 2544154 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5203 @ 0x305203 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 2544154 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5203 @ 0x305203 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5203 @ 0x305203 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e52df @ 0x3052df sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 3133580 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 4292571136 registers.esi: 1798144 registers.ecx: 0	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e52df @ 0x3052df sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e52df @ 0x3052df sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: 0f 0b e8 cd 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d204 exception.instruction: ud2 exception.module: sila.exe exception.exception_code: 0xc000001d exception.offset: 2413060 exception.address: 0x26d204 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 2 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e52df @ 0x3052df sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: 0f 0b e8 cd 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d204 exception.instruction: ud2 exception.module: sila.exe exception.exception_code: 0xc000001d exception.offset: 2413060 exception.address: 0x26d204 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 2 registers.ebx: 2544154 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e52df @ 0x3052df sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: 0f 0b e8 cd 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d204 exception.instruction: ud2 exception.module: sila.exe exception.exception_code: 0xc000001d exception.offset: 2413060 exception.address: 0x26d204 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 2 registers.ebx: 2544154 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e52df @ 0x3052df sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: 0f 0b e8 cd 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d204 exception.instruction: ud2 exception.module: sila.exe exception.exception_code: 0xc000001d exception.offset: 2413060 exception.address: 0x26d204 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 2 registers.ebx: 2544154 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e54ab @ 0x3054ab sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 3133580 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 4292571136 registers.esi: 1798144 registers.ecx: 0	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e54ab @ 0x3054ab sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: 0f 0b e8 cd 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d204 exception.instruction: ud2 exception.module: sila.exe exception.exception_code: 0xc000001d exception.offset: 2413060 exception.address: 0x26d204 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 2 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5541 @ 0x305541 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 3133580 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 4292571136 registers.esi: 1798144 registers.ecx: 1781595904	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5541 @ 0x305541 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5541 @ 0x305541 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: 0f 0b e8 cd 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d204 exception.instruction: ud2 exception.module: sila.exe exception.exception_code: 0xc000001d exception.offset: 2413060 exception.address: 0x26d204 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 2 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5541 @ 0x305541 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 2544154 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5541 @ 0x305541 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5541 @ 0x305541 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: f7 f0 e8 f8 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d1d9 exception.instruction: div eax exception.module: sila.exe exception.exception_code: 0xc0000094 exception.offset: 2413017 exception.address: 0x26d1d9 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 0 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:10 a.m.	stacktrace: sila+0x2e5541 @ 0x305541 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: 0f 0b e8 cd 2f 01 00 33 c0 5a 59 59 64 89 10 eb exception.symbol: sila+0x24d204 exception.instruction: ud2 exception.module: sila.exe exception.exception_code: 0xc000001d exception.offset: 2413060 exception.address: 0x26d204 registers.esp: 8059756 registers.edi: 8059756 registers.eax: 0 registers.ebp: 8059784 registers.edx: 2 registers.ebx: 2544111 registers.esi: 0 registers.ecx: 8059792	1
__exception__ June 9, 2024, 9:12 a.m.	stacktrace: RtlpNtEnumerateSubKey+0x2a2b isupper-0x4e2b ntdll+0xcf559 @ 0x7796f559 RtlpNtEnumerateSubKey+0x2b0b isupper-0x4d4b ntdll+0xcf639 @ 0x7796f639 RtlUlonglongByteSwap+0xba5 RtlFreeOemString-0x20d35 ntdll+0x7df95 @ 0x7791df95 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x757f14dd sila+0x4b036 @ 0x6b036 sila+0x41cae @ 0x61cae sila+0x338fe @ 0x538fe sila+0x2e37 @ 0x22e37 sila+0x4665c @ 0x6665c sila+0x46454 @ 0x66454 sila+0x46708 @ 0x66708 sila+0x434da @ 0x634da sila+0x43406 @ 0x63406 sila+0x435c8 @ 0x635c8 sila+0x4372f @ 0x6372f sila+0x33d64 @ 0x53d64 sila+0x197000 @ 0x1b7000 sila+0x2e5613 @ 0x305613 sila+0x2e7071 @ 0x307071 sila+0x2708dc @ 0x2908dc exception.instruction_r: eb 12 8b 45 ec 8b 08 8b 09 50 51 e8 6f ff ff ff exception.symbol: RtlpNtEnumerateSubKey+0x1b25 isupper-0x5d31 ntdll+0xce653 exception.instruction: jmp 0x7796e667 exception.module: ntdll.dll exception.exception_code: 0xc0000374 exception.offset: 845395 exception.address: 0x7796e653 registers.esp: 8059012 registers.edi: 9029336 registers.eax: 8059028 registers.ebp: 8059132 registers.edx: 0 registers.ebx: 0 registers.esi: 8847360 registers.ecx: 2147483647	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Performs some HTTP requests (1 event)

request

GET https://db-ip.com/demo/home.php?s=175.208.134.152

Allocates read-write-execute memory (usually to unpack itself) (15 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 2936832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02280000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02760000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02764000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 147456 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02764000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02784000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02794000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02794000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027a4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027a8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027a8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 606208 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027a8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 81920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027a8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027a8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 9, 2024, 9:10 a.m.	process_identifier: 840 region_size: 114688 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027a8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

A process attempted to delay the analysis task. (1 event)

description

sila.exe tried to sleep 277 seconds, actually delayed analysis time by 277 seconds

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (19 events)

Time & API	Arguments	Status	Return
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1
GetDiskFreeSpaceW June 9, 2024, 9:12 a.m.	number_of_free_clusters: 8362495 sectors_per_cluster: 8362495 bytes_per_sector: 512 root_path: C: total_number_of_clusters: 8362495	1	1

Steals private information from local Internet browsers (50 out of 5998 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Local Extension Settings\cjmkndjhnagcfbpiemnkdpomccnjblmj\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\MEIPreload\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Sync Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Sync Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Sync Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\Sync Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Sync Extension Settings\jnkelfanjkeadonecabehalmbgpfodjm\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\MEIPreload\Sync Extension Settings\eigblbgjknlfbajkfhopmcojidlgcehm\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Local Extension Settings\aodkkagnadcbobfpggfnjeongemjbjca\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Local Extension Settings\aijcbedoijmgnlmjeegjaglmepbmpkpi\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Sync Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Sync Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\cjmkndjhnagcfbpiemnkdpomccnjblmj\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opfgelmcmbiajamepnmloijbpoleiama\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Sync Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Sync Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\GrShaderCache\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\Local Extension Settings\fiikommddbeccaoicoejoniammnalkfa\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\RecoveryImproved\Sync Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Floc\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\Sync Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\Sync Extension Settings\chgfefjpcobfbnpmiokfjjaglahmnded\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crowd Deny\Sync Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ThirdPartyModuleList64\Sync Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\MEIPreload\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Local Extension Settings\eigblbgjknlfbajkfhopmcojidlgcehm\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Sync Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\Sync Extension Settings\loinekcabhlmhjjbocijdoimmejangoa\CURRENT

Looks up the external IP address (1 event)

domain

ipinfo.io

Creates a suspicious process (2 events)

cmdline	schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
cmdline	schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST

A process created a hidden window (2 events)

Time & API	Arguments	Status	Return	Repeated
CreateProcessInternalW June 9, 2024, 9:11 a.m.	thread_identifier: 2504 thread_handle: 0x00000160 process_identifier: 2500 current_directory: filepath: track: 1 command_line: schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST filepath_r: stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) inherit_handles: 0 process_handle: 0x00000164	1	1	0
CreateProcessInternalW June 9, 2024, 9:11 a.m.	thread_identifier: 2612 thread_handle: 0x0000016c process_identifier: 2608 current_directory: filepath: track: 1 command_line: schtasks /create /f /RU "test22" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST filepath_r: stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) inherit_handles: 0 process_handle: 0x00000168	1	1	0

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (9 events)

Time & API	Arguments	Status	Return
Process32NextW June 9, 2024, 9:12 a.m.	snapshot_handle: 0x00000498 process_name: pw.exe process_identifier: 760	1	1
Process32NextW June 9, 2024, 9:12 a.m.	snapshot_handle: 0x00000498 process_name: taskhost.exe process_identifier: 496	1	1
Process32NextW June 9, 2024, 9:12 a.m.	snapshot_handle: 0x00000498 process_name: SearchProtocolHost.exe process_identifier: 1280	1	1
Process32NextW June 9, 2024, 9:12 a.m.	snapshot_handle: 0x00000498 process_name: svchost.exe process_identifier: 2292	1	1
Process32NextW June 9, 2024, 9:12 a.m.	snapshot_handle: 0x00000498 process_name: mscorsvw.exe process_identifier: 2320	1	1
Process32NextW June 9, 2024, 9:12 a.m.	snapshot_handle: 0x00000498 process_name: mscorsvw.exe process_identifier: 2364	1	1
Process32NextW June 9, 2024, 9:12 a.m.	snapshot_handle: 0x00000498 process_name: sppsvc.exe process_identifier: 2412	1	1
Process32NextW June 9, 2024, 9:12 a.m.	snapshot_handle: 0x00000498 process_name: cmd.exe process_identifier: 2836	1	1
Process32NextW June 9, 2024, 9:12 a.m.	snapshot_handle: 0x00000498 process_name: conhost.exe process_identifier: 2844	1	1

The binary likely contains encrypted or compressed data indicative of a packer (6 events)

section

{u'size_of_data': u'0x00093c00', u'virtual_address': u'0x00001000', u'entropy': 7.999624498816391, u'name': u'', u'virtual_size': u'0x0015c000'}

entropy

7.99962449882

description