Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 17, 2024, 1:31 p.m.	Sept. 17, 2024, 1:37 p.m.

Size	1.7MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8b28fc96840848b88d76fb6df662eb23`
SHA256	`4783cb282470fbec51f7e33ca884f78f0caba36fef08590c469b290e6854bcbe`
CRC32	`B2A620DF`
ssdeep	`49152:N/bl6GeCJXULhXz1NOxaiMaOwS4Z2sbaXuK:NTl6SpEBNOxB64ZHbae`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description)

lake.exe "C:\Users\test22\AppData\Local\Temp\lake.exe"
1820

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch
185.215.113.103	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49161 -> 185.215.113.103:80	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Sept. 17, 2024, 1:31 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameA Sept. 17, 2024, 1:31 p.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 17, 2024, 1:31 p.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 17, 2024, 1:31 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (7 events)

section	\x00
section	.rsrc
section	.idata
section
section	hkipukxq
section	sjidipdo
section	.taggant

One or more processes crashed (50 out of 122 events)

Time & API	Arguments	Status
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: lake+0x4d50b9 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 5066937 exception.address: 0x18250b9 registers.esp: 3997032 registers.edi: 0 registers.eax: 1 registers.ebp: 3997048 registers.edx: 26976256 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 68 6f 21 20 52 89 04 24 68 15 34 00 42 e9 ae exception.symbol: lake+0x24251a exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 2368794 exception.address: 0x159251a registers.esp: 3996996 registers.edi: 1971192040 registers.eax: 28310 registers.ebp: 4012638228 registers.edx: 20250624 registers.ebx: 56051611 registers.esi: 22617470 registers.ecx: 1971388416	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 68 04 e0 85 71 89 1c 24 51 89 e1 81 c1 04 00 exception.symbol: lake+0x24290e exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 2369806 exception.address: 0x159290e registers.esp: 3997000 registers.edi: 1971192040 registers.eax: 0 registers.ebp: 4012638228 registers.edx: 3429236920 registers.ebx: 56051611 registers.esi: 22620704 registers.ecx: 1971388416	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 53 bb 92 61 7f 37 c1 e3 05 c1 e3 02 f7 db 81 exception.symbol: lake+0x242d42 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 2370882 exception.address: 0x1592d42 registers.esp: 3996996 registers.edi: 1971192040 registers.eax: 25989 registers.ebp: 4012638228 registers.edx: 22621125 registers.ebx: 833619630 registers.esi: 22620704 registers.ecx: 1971388416	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb e9 ec 01 00 00 53 e9 ef fa ff ff 8b 24 24 52 exception.symbol: lake+0x2434af exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 2372783 exception.address: 0x15934af registers.esp: 3997000 registers.edi: 1971192040 registers.eax: 239849 registers.ebp: 4012638228 registers.edx: 22624250 registers.ebx: 0 registers.esi: 22620704 registers.ecx: 1971388416	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 31 f6 e9 8d 00 00 00 2d 3d 78 0f 0b 89 c6 58 exception.symbol: lake+0x3c0402 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 3933186 exception.address: 0x1710402 registers.esp: 3997000 registers.edi: 22657108 registers.eax: 26777 registers.ebp: 4012638228 registers.edx: 2130566132 registers.ebx: 24210503 registers.esi: 24167781 registers.ecx: 859	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 68 c1 49 e8 33 89 34 24 be aa fd 1e 7f e9 55 exception.symbol: lake+0x3c059c exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 3933596 exception.address: 0x171059c registers.esp: 3997000 registers.edi: 737513 registers.eax: 26777 registers.ebp: 4012638228 registers.edx: 2130566132 registers.ebx: 24210503 registers.esi: 4294943236 registers.ecx: 859	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 55 c7 04 24 11 a3 e1 7f ff 0c 24 81 34 24 74 exception.symbol: lake+0x3c2687 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 3942023 exception.address: 0x1712687 registers.esp: 3997000 registers.edi: 737513 registers.eax: 24215915 registers.ebp: 4012638228 registers.edx: 901819434 registers.ebx: 972220674 registers.esi: 4294943236 registers.ecx: 859	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 50 b8 57 ff ff 5f 50 51 58 59 87 f1 f7 d6 87 exception.symbol: lake+0x3c21a4 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 3940772 exception.address: 0x17121a4 registers.esp: 3997000 registers.edi: 737513 registers.eax: 24192923 registers.ebp: 4012638228 registers.edx: 0 registers.ebx: 972220674 registers.esi: 50665 registers.ecx: 859	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 56 be 99 df ed 5e 81 f6 9d b7 33 73 e9 94 00 exception.symbol: lake+0x3c4005 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 3948549 exception.address: 0x1714005 registers.esp: 3996996 registers.edi: 1117458266 registers.eax: 26396 registers.ebp: 4012638228 registers.edx: 24197374 registers.ebx: 24194912 registers.esi: 0 registers.ecx: 61792	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 68 5e 83 b2 60 e9 70 00 00 00 4b e9 89 00 00 exception.symbol: lake+0x3c4231 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 3949105 exception.address: 0x1714231 registers.esp: 3997000 registers.edi: 1259 registers.eax: 26396 registers.ebp: 4012638228 registers.edx: 24200286 registers.ebx: 0 registers.esi: 0 registers.ecx: 61792	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 68 d4 85 84 2a 89 3c 24 exception.symbol: lake+0x3cfc6d exception.instruction: in eax, dx exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 3996781 exception.address: 0x171fc6d registers.esp: 3996992 registers.edi: 7417454 registers.eax: 1447909480 registers.ebp: 4012638228 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 24229500 registers.ecx: 20	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: lake+0x3cc617 exception.address: 0x171c617 exception.module: lake.exe exception.exception_code: 0xc000001d exception.offset: 3982871 registers.esp: 3996992 registers.edi: 7417454 registers.eax: 1 registers.ebp: 4012638228 registers.edx: 22104 registers.ebx: 0 registers.esi: 24229500 registers.ecx: 20	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 a3 38 2d 12 01 exception.symbol: lake+0x3cd799 exception.instruction: in eax, dx exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 3987353 exception.address: 0x171d799 registers.esp: 3996992 registers.edi: 7417454 registers.eax: 1447909480 registers.ebp: 4012638228 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 24229500 registers.ecx: 10	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 29 c9 ff 34 0e ff 34 24 ff 34 24 ff 34 24 5a exception.symbol: lake+0x3d474f exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4015951 exception.address: 0x172474f registers.esp: 3997000 registers.edi: 7417454 registers.eax: 26558 registers.ebp: 4012638228 registers.edx: 2130566132 registers.ebx: 28915265 registers.esi: 24290931 registers.ecx: 1374224384	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb e9 bd 00 00 00 81 f5 ad c4 f3 5f 51 b9 58 67 exception.symbol: lake+0x3d46ec exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4015852 exception.address: 0x17246ec registers.esp: 3997000 registers.edi: 7417454 registers.eax: 26558 registers.ebp: 4012638228 registers.edx: 2215600224 registers.ebx: 28915265 registers.esi: 24290931 registers.ecx: 4294943364	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: cd 01 eb 00 50 8b cb 59 52 e9 08 00 00 00 59 cc exception.symbol: lake+0x3d4b2a exception.instruction: int 1 exception.module: lake.exe exception.exception_code: 0xc0000005 exception.offset: 4016938 exception.address: 0x1724b2a registers.esp: 3996960 registers.edi: 0 registers.eax: 3996960 registers.ebp: 4012638228 registers.edx: 1641678931 registers.ebx: 24267815 registers.esi: 24279077 registers.ecx: 2128278407	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 57 c7 04 24 62 22 04 08 89 34 24 68 f9 1f ff exception.symbol: lake+0x3e4f1e exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4083486 exception.address: 0x1734f1e registers.esp: 3997000 registers.edi: 22611222 registers.eax: 24363635 registers.ebp: 4012638228 registers.edx: 6 registers.ebx: 11014 registers.esi: 1974030886 registers.ecx: 24328966	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb e9 a6 00 00 00 5b 48 e9 eb 01 00 00 5b 21 fa exception.symbol: lake+0x3e4d79 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4083065 exception.address: 0x1734d79 registers.esp: 3997000 registers.edi: 0 registers.eax: 24334283 registers.ebp: 4012638228 registers.edx: 6 registers.ebx: 11014 registers.esi: 1179202795 registers.ecx: 24328966	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb e9 03 05 00 00 89 2c 24 89 0c 24 83 ec 04 89 exception.symbol: lake+0x3e6c9d exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4091037 exception.address: 0x1736c9d registers.esp: 3997000 registers.edi: 0 registers.eax: 31819 registers.ebp: 4012638228 registers.edx: 6 registers.ebx: 1528289648 registers.esi: 1179202795 registers.ecx: 24373347	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 52 89 1c 24 89 14 24 68 44 28 57 7f e9 42 fa exception.symbol: lake+0x3e74c8 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4093128 exception.address: 0x17374c8 registers.esp: 3997000 registers.edi: 0 registers.eax: 31819 registers.ebp: 4012638228 registers.edx: 6 registers.ebx: 4294938564 registers.esi: 262633 registers.ecx: 24373347	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 56 55 e9 ec fc ff ff 5b 52 e9 59 00 00 00 01 exception.symbol: lake+0x3eb9ab exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4110763 exception.address: 0x173b9ab registers.esp: 3996992 registers.edi: 0 registers.eax: 24387329 registers.ebp: 4012638228 registers.edx: 6 registers.ebx: 2044026503 registers.esi: 262633 registers.ecx: 24373347	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 68 f8 c3 2d 48 e9 8d 04 00 00 89 e2 81 c2 04 exception.symbol: lake+0x3eb535 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4109621 exception.address: 0x173b535 registers.esp: 3996992 registers.edi: 0 registers.eax: 24362013 registers.ebp: 4012638228 registers.edx: 84201 registers.ebx: 0 registers.esi: 262633 registers.ecx: 24373347	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 56 be 0f 23 eb 7f 56 81 34 24 bf 3c ff 67 8b exception.symbol: lake+0x3ecda6 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4115878 exception.address: 0x173cda6 registers.esp: 3996992 registers.edi: 0 registers.eax: 2298801283 registers.ebp: 4012638228 registers.edx: 24392480 registers.ebx: 4294942132 registers.esi: 262633 registers.ecx: 24373347	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 52 56 51 b9 52 29 6d 3a 89 ce 59 c1 ee 02 68 exception.symbol: lake+0x40aaf5 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4238069 exception.address: 0x175aaf5 registers.esp: 3996960 registers.edi: 24481304 registers.eax: 27689 registers.ebp: 4012638228 registers.edx: 2130566132 registers.ebx: 24513016 registers.esi: 24481330 registers.ecx: 1374224384	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 e9 27 00 00 00 5e e9 43 04 exception.symbol: lake+0x40a6df exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4237023 exception.address: 0x175a6df registers.esp: 3996960 registers.edi: 4294943032 registers.eax: 116969 registers.ebp: 4012638228 registers.edx: 2130566132 registers.ebx: 24513016 registers.esi: 24481330 registers.ecx: 1374224384	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 52 89 e2 81 c2 04 00 00 00 81 ea 04 00 00 00 exception.symbol: lake+0x40b9a5 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4241829 exception.address: 0x175b9a5 registers.esp: 3996956 registers.edi: 4294943032 registers.eax: 24490548 registers.ebp: 4012638228 registers.edx: 2130566132 registers.ebx: 1415164236 registers.esi: 24481330 registers.ecx: 1146235967	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 56 e9 7f 09 00 00 81 c3 7f 4c fe 34 81 cb a2 exception.symbol: lake+0x40b32b exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4240171 exception.address: 0x175b32b registers.esp: 3996960 registers.edi: 4294943032 registers.eax: 24518752 registers.ebp: 4012638228 registers.edx: 2130566132 registers.ebx: 1415164236 registers.esi: 24481330 registers.ecx: 1146235967	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb b8 2c 13 ff 7f 68 08 a2 a1 6b 89 34 24 e9 42 exception.symbol: lake+0x40b3c7 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4240327 exception.address: 0x175b3c7 registers.esp: 3996960 registers.edi: 1342204512 registers.eax: 24493708 registers.ebp: 4012638228 registers.edx: 2130566132 registers.ebx: 1415164236 registers.esi: 0 registers.ecx: 1146235967	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 50 56 be c3 ee bd 7e f7 d6 53 bb 01 00 00 00 exception.symbol: lake+0x40d55c exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4248924 exception.address: 0x175d55c registers.esp: 3996956 registers.edi: 479403624 registers.eax: 29817 registers.ebp: 4012638228 registers.edx: 24496765 registers.ebx: 1415164236 registers.esi: 24495667 registers.ecx: 0	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 53 68 24 8f 12 7d 8b 1c 24 83 c4 04 52 e9 ed exception.symbol: lake+0x40d2c8 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4248264 exception.address: 0x175d2c8 registers.esp: 3996960 registers.edi: 0 registers.eax: 322689 registers.ebp: 4012638228 registers.edx: 24499734 registers.ebx: 1415164236 registers.esi: 24495667 registers.ecx: 0	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb e9 00 00 00 00 55 e9 fc 00 00 00 29 cb e9 47 exception.symbol: lake+0x40dc9c exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4250780 exception.address: 0x175dc9c registers.esp: 3996956 registers.edi: 0 registers.eax: 26049 registers.ebp: 4012638228 registers.edx: 1003796299 registers.ebx: 24500102 registers.esi: 24495667 registers.ecx: 810025736	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 34 24 89 e6 e9 00 00 00 exception.symbol: lake+0x40e274 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4252276 exception.address: 0x175e274 registers.esp: 3996960 registers.edi: 0 registers.eax: 26049 registers.ebp: 4012638228 registers.edx: 1003796299 registers.ebx: 24526151 registers.esi: 24495667 registers.ecx: 810025736	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 53 89 34 24 89 2c 24 81 ec 04 00 00 00 89 3c exception.symbol: lake+0x40e194 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4252052 exception.address: 0x175e194 registers.esp: 3996960 registers.edi: 991927693 registers.eax: 26049 registers.ebp: 4012638228 registers.edx: 4294944224 registers.ebx: 24526151 registers.esi: 24495667 registers.ecx: 810025736	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 0c 24 83 ec 04 89 1c 24 50 68 66 exception.symbol: lake+0x411fc0 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4267968 exception.address: 0x1761fc0 registers.esp: 3996956 registers.edi: 991927693 registers.eax: 27162 registers.ebp: 4012638228 registers.edx: 24517824 registers.ebx: 65804 registers.esi: 24495667 registers.ecx: 1969225870	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 04 24 c7 04 24 23 cc 65 exception.symbol: lake+0x411ed5 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4267733 exception.address: 0x1761ed5 registers.esp: 3996960 registers.edi: 991927693 registers.eax: 27162 registers.ebp: 4012638228 registers.edx: 24544986 registers.ebx: 65804 registers.esi: 24495667 registers.ecx: 1969225870	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 55 bd da ff d7 5f e9 c0 ff ff ff 58 29 da 5b exception.symbol: lake+0x411e30 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4267568 exception.address: 0x1761e30 registers.esp: 3996960 registers.edi: 0 registers.eax: 27162 registers.ebp: 4012638228 registers.edx: 24520774 registers.ebx: 65804 registers.esi: 24495667 registers.ecx: 87273	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb e9 57 00 00 00 59 56 be 04 00 00 00 01 f1 5e exception.symbol: lake+0x413391 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4273041 exception.address: 0x1763391 registers.esp: 3996956 registers.edi: 24521514 registers.eax: 26680 registers.ebp: 4012638228 registers.edx: 1675171159 registers.ebx: 65804 registers.esi: 24495667 registers.ecx: 87273	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 31 d2 ff 34 3a ff 34 24 ff 34 24 e9 67 04 00 exception.symbol: lake+0x412cf2 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4271346 exception.address: 0x1762cf2 registers.esp: 3996960 registers.edi: 24548194 registers.eax: 26680 registers.ebp: 4012638228 registers.edx: 1675171159 registers.ebx: 65804 registers.esi: 24495667 registers.ecx: 87273	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 55 68 ab 07 ff 35 5d 81 f5 60 d1 0b 01 e9 0c exception.symbol: lake+0x413301 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4272897 exception.address: 0x1763301 registers.esp: 3996960 registers.edi: 24548194 registers.eax: 26680 registers.ebp: 4012638228 registers.edx: 4294943396 registers.ebx: 65804 registers.esi: 24495667 registers.ecx: 24811	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 51 e9 fa 04 00 00 bd ba 28 5e b1 05 11 b5 ff exception.symbol: lake+0x415c33 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4283443 exception.address: 0x1765c33 registers.esp: 3996956 registers.edi: 1378699242 registers.eax: 28270 registers.ebp: 4012638228 registers.edx: 888461004 registers.ebx: 888461004 registers.esi: 24532736 registers.ecx: 0	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 50 89 e0 05 04 00 00 00 52 ba 04 00 00 00 29 exception.symbol: lake+0x4160cb exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4284619 exception.address: 0x17660cb registers.esp: 3996960 registers.edi: 4294941752 registers.eax: 28270 registers.ebp: 4012638228 registers.edx: 81129 registers.ebx: 888461004 registers.esi: 24561006 registers.ecx: 0	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 57 89 34 24 be 6f 12 7f 7d 56 68 1f 5f bf 75 exception.symbol: lake+0x4170ff exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4288767 exception.address: 0x17670ff registers.esp: 3996956 registers.edi: 4294941752 registers.eax: 24537247 registers.ebp: 4012638228 registers.edx: 81129 registers.ebx: 888461004 registers.esi: 24561006 registers.ecx: 885165132	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 57 c7 04 24 0d 0d fc 69 e9 dc ff ff ff 89 34 exception.symbol: lake+0x416aaf exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4287151 exception.address: 0x1766aaf registers.esp: 3996960 registers.edi: 4294941752 registers.eax: 24562694 registers.ebp: 4012638228 registers.edx: 81129 registers.ebx: 888461004 registers.esi: 4294944296 registers.ecx: 607422803	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb e9 c7 02 00 00 68 0c d7 14 2a e9 b5 fb ff ff exception.symbol: lake+0x4205ee exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4326894 exception.address: 0x17705ee registers.esp: 3996960 registers.edi: 282303532 registers.eax: 26824 registers.ebp: 4012638228 registers.edx: 2130566132 registers.ebx: 301464893 registers.esi: 24603086 registers.ecx: 2155140389	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb e9 ba f7 ff ff 2d 96 1f 3e 7c 40 f7 d0 e9 2b exception.symbol: lake+0x420a28 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4327976 exception.address: 0x1770a28 registers.esp: 3996960 registers.edi: 4294943112 registers.eax: 26824 registers.ebp: 4012638228 registers.edx: 2130566132 registers.ebx: 2179041617 registers.esi: 24603086 registers.ecx: 2155140389	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 56 89 0c 24 e9 06 02 00 00 81 c2 c6 ce b6 72 exception.symbol: lake+0x434ca6 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4410534 exception.address: 0x1784ca6 registers.esp: 3996960 registers.edi: 24632908 registers.eax: 25842 registers.ebp: 4012638228 registers.edx: 24684838 registers.ebx: 5636114 registers.esi: 3711646 registers.ecx: 2155223282	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 68 fb 7f 15 53 89 0c 24 68 bc eb ef 5a 8b 0c exception.symbol: lake+0x434990 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4409744 exception.address: 0x1784990 registers.esp: 3996960 registers.edi: 24632908 registers.eax: 607947089 registers.ebp: 4012638228 registers.edx: 24661874 registers.ebx: 5636114 registers.esi: 3711646 registers.ecx: 0	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb 29 d2 ff 34 32 ff 34 24 e9 6e fc ff ff 89 0c exception.symbol: lake+0x43abe3 exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4434915 exception.address: 0x178abe3 registers.esp: 3996960 registers.edi: 24663289 registers.eax: 29508 registers.ebp: 4012638228 registers.edx: 1563944 registers.ebx: 5636114 registers.esi: 24712798 registers.ecx: 1374224384	1
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: fb e9 57 00 00 00 56 be 97 0e 6f 79 31 f3 e9 7b exception.symbol: lake+0x43a84c exception.instruction: sti exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 4433996 exception.address: 0x178a84c registers.esp: 3996960 registers.edi: 24663289 registers.eax: 2989995880 registers.ebp: 4012638228 registers.edx: 4294940412 registers.ebx: 5636114 registers.esi: 24712798 registers.ecx: 1374224384	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)

suspicious_features	GET method with no useragent header, Connection to IP address				suspicious_request	GET http://185.215.113.103/
suspicious_features	POST method with no referer header, POST method with no useragent header, Connection to IP address				suspicious_request	POST http://185.215.113.103/e2b1563c6670f193.php

Performs some HTTP requests (2 events)

request	GET http://185.215.113.103/
request	POST http://185.215.113.103/e2b1563c6670f193.php

Sends data using the HTTP POST Method (1 event)

request

POST http://185.215.113.103/e2b1563c6670f193.php

Allocates read-write-execute memory (usually to unpack itself) (14 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7793f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 81920 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01351000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00440000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00450000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00500000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00500000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00510000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00680000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 17, 2024, 1:31 p.m.	process_identifier: 1820 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00430000 allocation_type: 12289 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00013c00', u'virtual_address': u'0x00001000', u'entropy': 7.969943220044331, u'name': u' \\x00 ', u'virtual_size': u'0x0023d000'}

entropy

7.96994322004

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00193400', u'virtual_address': u'0x004d5000', u'entropy': 7.9549370944544355, u'name': u'hkipukxq', u'virtual_size': u'0x00194000'}

entropy

7.95493709445

description

A section with a high entropy has been found

entropy

0.993540810335

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Communicates with host for which no DNS query was performed (1 event)

host

185.215.113.103

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (17 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 17, 2024, 1:31 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Sept. 17, 2024, 1:31 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 68 d4 85 84 2a 89 3c 24 exception.symbol: lake+0x3cfc6d exception.instruction: in eax, dx exception.module: lake.exe exception.exception_code: 0xc0000096 exception.offset: 3996781 exception.address: 0x171fc6d registers.esp: 3996992 registers.edi: 7417454 registers.eax: 1447909480 registers.ebp: 4012638228 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 24229500 registers.ecx: 20	1	0	0

File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)

Bkav	W32.AIDetectMalware
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.Generic.tc
ALYac	Trojan.GenericKDZ.107878
Cylance	Unsafe
VIPRE	Trojan.GenericKDZ.107878
Sangfor	Trojan.Win32.Agent.V9v3
CrowdStrike	win/malicious_confidence_90% (D)
BitDefender	Trojan.GenericKDZ.107878
Arcabit	Trojan.Generic.D1A566
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
Kaspersky	HEUR:Trojan.Win32.Miner.vho
MicroWorld-eScan	Trojan.GenericKDZ.107878
Rising	Trojan.Miner!8.EA1 (CLOUD)
Emsisoft	Trojan.GenericKDZ.107878 (B)
F-Secure	Trojan.TR/Crypt.TPM.Gen
McAfeeD	Real Protect-LS!8B28FC968408
Trapmine	malicious.high.ml.score
CTX	exe.trojan.generickdz
Sophos	Mal/Stealc-A
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.8b28fc96840848b8
Google	Detected
Avira	TR/Crypt.TPM.Gen
Kingsoft	Win32.HeurC.KVMH008.a
Gridinsoft	Trojan.Heur!.03A120A1
Microsoft	Trojan:Win32/Stealerc.GAB!MTB
ZoneAlarm	HEUR:Trojan.Win32.Miner.vho
GData	Trojan.GenericKDZ.107878
Varist	W32/Themida.CM.gen!Eldorado
AhnLab-V3	Trojan/Win.Generic.R665962
McAfee	Artemis!8B28FC968408
DeepInstinct	MALICIOUS
VBA32	TScope.Malware-Cryptor.SB
Malwarebytes	Spyware.Stealc
Panda	Trj/CI.A
Zoner	Probably Heur.ExeHeaderL
Tencent	Win32.Trojan.Miner.Bnhl
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:PWSX-gen [Trj]
alibabacloud	Backdoor:Win/Bladabindi.Gen

lake.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All