Summary | ZeroBOX

toi.txt.exe

Generic Malware PE64 PE File DLL
Category FILE
Machine s1_win7_x6403_us
Started July 3, 2024, 6:38 p.m.
Completed July 3, 2024, 6:40 p.m.
Size 100.0KB
Type PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 5de123afed9669f8abd8994820591ec7
SHA256 0a6564b0a531a7b6013360294329f3db6bcfbbe1761fb876f60db36957ecf64f
CRC32 3C2C3870
ssdeep 1536:trtc3fQlAm9zVUCMANgx798GW371bFz67MCZ7iac0u5v:Xcvrm9zZKx79ALcMCZ7iwu5
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
DllMain+0x5393 Start-0x507d toi+0xe913 @ 0x7fef3f2e913

exception.instruction_r: 48 83 b8 c2 08 00 00 00 75 10 65 48 8b 14 25 30
exception.instruction: cmp qword ptr [rax + 0x8c2], 0
exception.exception_code: 0xc0000005
exception.symbol: DllMain+0x5393 Start-0x507d toi+0xe913
exception.address: 0x7fef3f2e913
registers.r14: 1
registers.r15: 0
registers.rcx: 2916294128
registers.rsi: 2916294128
registers.r10: 0
registers.rbx: 3790048
registers.rsp: 2421624
registers.r11: 0
registers.r8: 0
registers.r9: 3609328
registers.rdx: 0
registers.r12: 8791595849088
registers.rbp: 2423304
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0

__exception__

stacktrace:
DllMain+0x5393 Start-0x507d toi+0xe913 @ 0x7fef3f2e913

exception.instruction_r: 48 83 b8 c2 08 00 00 00 75 10 65 48 8b 14 25 30
exception.instruction: cmp qword ptr [rax + 0x8c2], 0
exception.exception_code: 0xc0000005
exception.symbol: DllMain+0x5393 Start-0x507d toi+0xe913
exception.address: 0x7fef3f2e913
registers.r14: 1
registers.r15: 0
registers.rcx: 2916294128
registers.rsi: 2916294128
registers.r10: 0
registers.rbx: 3003616
registers.rsp: 2028584
registers.r11: 0
registers.r8: 0
registers.r9: 2822896
registers.rdx: 0
registers.r12: 8791595849088
registers.rbp: 2030264
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Havoc.m!c
Elastic Windows.Generic.Threat
Cynet Malicious (score: 100)
Skyhigh Agent-FYC!5DE123AFED96
ALYac Generic.Trojan.Havokiz.Marte.D.5736639D
VIPRE Generic.Trojan.Havokiz.Marte.D.5736639D
Sangfor Backdoor.Win64.Havoc.Veyx
BitDefender Generic.Trojan.Havokiz.Marte.D.5736639D
Arcabit Generic.Trojan.Havokiz.Marte.D.D5788BFD
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/Havoc.M
APEX Malicious
McAfee Agent-FYC!5DE123AFED96
Avast Win64:Evo-gen [Trj]
ClamAV Win.Trojan.Havoc-10019366-0
Kaspersky HEUR:Backdoor.Win64.Havoc.pef
Alibaba Backdoor:Win64/Havoc.ea852c1f
MicroWorld-eScan Generic.Trojan.Havokiz.Marte.D.5736639D
Rising Backdoor.Havoc!8.970A (TFE:4:ASezLeWmqZ)
Emsisoft Generic.Trojan.Havokiz.Marte.D.5736639D (B)
Zillya Trojan.Havoc.Win64.157
McAfeeD ti!0A6564B0A531
FireEye Generic.Trojan.Havokiz.Marte.D.5736639D
Sophos ATK/Havoc-G
Ikarus Trojan.Win64.Havoc
Webroot W32.Malware.Gen
Google Detected
MAX malware (ai score=85)
Antiy-AVL Trojan/Win64.Havoc
Gridinsoft Ransom.Win64.Wacatac.sa
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm HEUR:Backdoor.Win64.Havoc.pef
GData Generic.Trojan.Havokiz.Marte.D.5736639D
Varist W64/ABTrojan.XOXP-5353
DeepInstinct MALICIOUS
Malwarebytes Trojan.Havoc
Panda Trj/Chgt.AD
Tencent Win64.Backdoor.Havoc.Zchl
SentinelOne Static AI - Malicious PE
Fortinet W64/Havoc.M!tr
AVG Win64:Evo-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_70% (D)
alibabacloud Backdoor:Win/Havoc.M