Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 8, 2025, 12:03 p.m.	March 8, 2025, 12:09 p.m.

Size	680.5KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`a8a583a880111a63bc81037ee0248e19`
SHA256	`e734f4727fb9eed91daaa91c954135710d0f27b832c7183fe7700b1d4d2aa8c1`
CRC32	`3A881163`
ssdeep	`12288:6zOi91H38tg6Dma1xEJuwuWP7wSNXIH9bWb4r3rzOi91H38tg6Dma1xEJuwuWP7p:uOi9dRq312XupVZW0TOi9dRq312XupVa`
Yara	PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description)

67a4ea0f-a626-4118-b393-80fb7fdc2175.exe "C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe"
1156

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 8, 2025, 12:03 p.m.			0	0
IsDebuggerPresent March 8, 2025, 12:03 p.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 8, 2025, 12:03 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (17 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory March 8, 2025, 12:03 p.m.	process_identifier: 1156 region_size: 262144 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002f0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:03 p.m.	process_identifier: 1156 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2025, 12:03 p.m.	process_identifier: 1156 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f61000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2025, 12:03 p.m.	process_identifier: 1156 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f62000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:03 p.m.	process_identifier: 1156 region_size: 1310720 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fc0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:03 p.m.	process_identifier: 1156 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x020c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:03 p.m.	process_identifier: 1156 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00362000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 1156 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00395000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 1156 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0039b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 1156 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00397000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 1156 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0037c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 1156 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00620000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 1156 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00386000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 1156 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0038a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 1156 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00387000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 1156 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0036a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 1156 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022b2000 process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00053c00', u'virtual_address': u'0x00008000', u'entropy': 7.999410368418554, u'name': u'.bss', u'virtual_size': u'0x00053c00'}

entropy

7.99941036842

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00053c00', u'virtual_address': u'0x0005c000', u'entropy': 7.999410368418554, u'name': u'.bss', u'virtual_size': u'0x00053c00'}

entropy

7.99941036842

description

A section with a high entropy has been found

entropy

0.986745213549

description

Overall entropy of this PE file is high

Terminates another process (50 out of 9392 events)

Time & API	Arguments	Status
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2124 process_handle: 0x000001fc
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2124 process_handle: 0x000001fc	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2160 process_handle: 0x00000200
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2160 process_handle: 0x00000200	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2196 process_handle: 0x00000208
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2196 process_handle: 0x00000208	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2240 process_handle: 0x00000210
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2240 process_handle: 0x00000210	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2300 process_handle: 0x00000218
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2300 process_handle: 0x00000218	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2344 process_handle: 0x00000220
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2344 process_handle: 0x00000220	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2380 process_handle: 0x00000228
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2380 process_handle: 0x00000228	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2416 process_handle: 0x00000230
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2416 process_handle: 0x00000230	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2456 process_handle: 0x00000238
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2456 process_handle: 0x00000238	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2492 process_handle: 0x00000240
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2492 process_handle: 0x00000240	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2528 process_handle: 0x00000248
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2528 process_handle: 0x00000248	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2564 process_handle: 0x00000250
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2564 process_handle: 0x00000250	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2600 process_handle: 0x00000258
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2600 process_handle: 0x00000258	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2636 process_handle: 0x00000260
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2636 process_handle: 0x00000260	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2672 process_handle: 0x00000268
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2672 process_handle: 0x00000268	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2708 process_handle: 0x00000270
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2708 process_handle: 0x00000270	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2744 process_handle: 0x00000278
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2744 process_handle: 0x00000278	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2780 process_handle: 0x00000280
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2780 process_handle: 0x00000280	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2816 process_handle: 0x00000288
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2816 process_handle: 0x00000288	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2852 process_handle: 0x00000290
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2852 process_handle: 0x00000290	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2888 process_handle: 0x00000298
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2888 process_handle: 0x00000298	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2924 process_handle: 0x000002a0
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2924 process_handle: 0x000002a0	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2960 process_handle: 0x000002a8
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2960 process_handle: 0x000002a8	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2996 process_handle: 0x000002b0
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 2996 process_handle: 0x000002b0	1
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 3032 process_handle: 0x000002b8
NtTerminateProcess March 8, 2025, 12:04 p.m.	status_code: 0x00000000 process_identifier: 3032 process_handle: 0x000002b8	1

Allocates execute permission to another process indicative of possible code injection (50 out of 4696 events)

Time & API	Arguments	Return
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2124 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001fc	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2160 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000200	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2196 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000208	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2240 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000210	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2300 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000218	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2344 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000220	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2380 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000228	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2416 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000230	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2456 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000238	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2492 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000240	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2528 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000248	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2564 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000250	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2600 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000258	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2636 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000260	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2672 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000268	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2708 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000270	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2744 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000278	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2780 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000280	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2816 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000288	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2852 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000290	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2888 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000298	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2924 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002a0	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2960 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002a8	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2996 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002b0	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 3032 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002b8	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 3068 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002c0	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2060 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002c8	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2152 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002d0	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2224 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002d8	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2324 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002e0	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2276 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002e8	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2408 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002f0	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2468 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002f8	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2520 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000300	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2592 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000308	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2648 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000310	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2724 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000318	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2800 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000320	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2844 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000328	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2916 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000330	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2972 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000338	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 3044 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000340	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2084 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000348	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2216 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000350	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2296 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000358	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2448 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000360	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 1872 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000368	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2628 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000370	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2760 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000378	3221225496
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2880 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000380	3221225496

Manipulates memory of a non-child process indicative of process injection (50 out of 9392 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 1156 manipulating memory of non-child process 2124
Process injection	Process 1156 manipulating memory of non-child process 2160
Process injection	Process 1156 manipulating memory of non-child process 2196
Process injection	Process 1156 manipulating memory of non-child process 2240
Process injection	Process 1156 manipulating memory of non-child process 2300
Process injection	Process 1156 manipulating memory of non-child process 2344
Process injection	Process 1156 manipulating memory of non-child process 2380
Process injection	Process 1156 manipulating memory of non-child process 2416
Process injection	Process 1156 manipulating memory of non-child process 2456
Process injection	Process 1156 manipulating memory of non-child process 2492
Process injection	Process 1156 manipulating memory of non-child process 2528
Process injection	Process 1156 manipulating memory of non-child process 2564
Process injection	Process 1156 manipulating memory of non-child process 2600
Process injection	Process 1156 manipulating memory of non-child process 2636
Process injection	Process 1156 manipulating memory of non-child process 2672
Process injection	Process 1156 manipulating memory of non-child process 2708
Process injection	Process 1156 manipulating memory of non-child process 2744
Process injection	Process 1156 manipulating memory of non-child process 2780
Process injection	Process 1156 manipulating memory of non-child process 2816
Process injection	Process 1156 manipulating memory of non-child process 2852
Process injection	Process 1156 manipulating memory of non-child process 2888
Process injection	Process 1156 manipulating memory of non-child process 2924
Process injection	Process 1156 manipulating memory of non-child process 2960
Process injection	Process 1156 manipulating memory of non-child process 2996
Process injection	Process 1156 manipulating memory of non-child process 3032
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2124 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001fc	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2160 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000200	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2196 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000208	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2240 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000210	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2300 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000218	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2344 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000220	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2380 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000228	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2416 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000230	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2456 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000238	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2492 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000240	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2528 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000248	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2564 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000250	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2600 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000258	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2636 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000260	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2672 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000268	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2708 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000270	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2744 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000278	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2780 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000280	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2816 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000288	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2852 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000290	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2888 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000298	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2924 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002a0	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2960 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002a8	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2996 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002b0	3221225496	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 3032 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002b8	3221225496	0

Executed a process and injected code into it, probably while unpacking (50 out of 14091 events)

Time & API	Arguments	Status	Return
NtResumeThread March 8, 2025, 12:03 p.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 1156	1	0
NtResumeThread March 8, 2025, 12:03 p.m.	thread_handle: 0x00000154 suspend_count: 1 process_identifier: 1156	1	0
NtResumeThread March 8, 2025, 12:03 p.m.	thread_handle: 0x00000194 suspend_count: 1 process_identifier: 1156	1	0
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2128 thread_handle: 0x000001f8 process_identifier: 2124 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000001fc	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x000001f8	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2124 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000001fc		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2164 thread_handle: 0x00000204 process_identifier: 2160 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000200	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x00000204	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2160 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000200		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2200 thread_handle: 0x0000020c process_identifier: 2196 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000208	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x0000020c	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2196 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000208		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2244 thread_handle: 0x00000214 process_identifier: 2240 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000210	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x00000214	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2240 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000210		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2304 thread_handle: 0x0000021c process_identifier: 2300 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000218	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x0000021c	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2300 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000218		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2348 thread_handle: 0x00000224 process_identifier: 2344 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000220	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x00000224	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2344 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000220		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2384 thread_handle: 0x0000022c process_identifier: 2380 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000228	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x0000022c	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2380 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000228		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2420 thread_handle: 0x00000234 process_identifier: 2416 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000230	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x00000234	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2416 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000230		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2460 thread_handle: 0x0000023c process_identifier: 2456 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000238	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x0000023c	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2456 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000238		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2496 thread_handle: 0x00000244 process_identifier: 2492 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000240	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x00000244	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2492 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000240		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2532 thread_handle: 0x0000024c process_identifier: 2528 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000248	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x0000024c	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2528 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000248		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2568 thread_handle: 0x00000254 process_identifier: 2564 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000250	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x00000254	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2564 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000250		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2604 thread_handle: 0x0000025c process_identifier: 2600 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000258	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x0000025c	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2600 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000258		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2640 thread_handle: 0x00000264 process_identifier: 2636 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000260	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x00000264	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2636 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000260		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2676 thread_handle: 0x0000026c process_identifier: 2672 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000268	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x0000026c	1	0
NtAllocateVirtualMemory March 8, 2025, 12:04 p.m.	process_identifier: 2672 region_size: 389120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000268		3221225496
CreateProcessInternalW March 8, 2025, 12:04 p.m.	thread_identifier: 2712 thread_handle: 0x00000274 process_identifier: 2708 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe track: 1 command_line: filepath_r: C:\Users\test22\AppData\Local\Temp\67a4ea0f-a626-4118-b393-80fb7fdc2175.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000270	1	1
NtGetContextThread March 8, 2025, 12:04 p.m.	thread_handle: 0x00000274	1	0

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Lumma.1u!c
CAT-QuickHeal	Trojan.Ghanarava.1741383771248e19
Skyhigh	BehavesLike.Win32.Generic.jc
ALYac	IL:Trojan.MSILZilla.175053
Cylance	Unsafe
VIPRE	IL:Trojan.MSILZilla.175053
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	IL:Trojan.MSILZilla.175053
K7GW	Riskware ( 00584baa1 )
K7AntiVirus	Riskware ( 00584baa1 )
Arcabit	IL:Trojan.MSILZilla.D2ABCD
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/Kryptik.ANEE
APEX	Malicious
Avast	Win32:MalwareX-gen [Trj]
ClamAV	Win.Packed.Msilzilla-10042543-0
Kaspersky	HEUR:Trojan-PSW.MSIL.Lumma.gen
Alibaba	TrojanPSW:MSIL/Lumma.1be18083
SUPERAntiSpyware	Trojan.Agent/Gen-Crypt
MicroWorld-eScan	IL:Trojan.MSILZilla.175053
Rising	Malware.Obfus/MSIL@AI.94 (RDM.MSIL2:MdeyzMj4dpwah150RaJtXA)
Emsisoft	IL:Trojan.MSILZilla.175053 (B)
F-Secure	Trojan.TR/Crypt.XPACK.Gen2
DrWeb	Trojan.PWS.Lumma.1819
Zillya	Trojan.Lumma.Win32.1678
McAfeeD	ti!E734F4727FB9
CTX	exe.trojan.msil
Sophos	Troj/MSIL-TGV
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.a8a583a880111a63
Webroot	W32.Trojan.MSILZilla
Google	Detected
Avira	TR/Crypt.XPACK.Gen2
Antiy-AVL	GrayWare/Win32.Wacapew
Kingsoft	malware.kb.c.999
Gridinsoft	Trojan.Win32.Kryptik.sa
Microsoft	Trojan:MSIL/LummaC.SYFD!MTB
ViRobot	Trojan.Win.Z.Agent.696832.GX
GData	IL:Trojan.MSILZilla.175053
Varist	W32/Trojan.NSLC-5036
AhnLab-V3	Trojan/Win.LummaC.C5732231
McAfee	ACL/Zilla Trojan
TACHYON	Trojan-PWS/W32.DN-Lumma.696832
VBA32	TScope.Trojan.MSIL
Malwarebytes	Trojan.Crypt.MSIL
Ikarus	Trojan.MSIL.Krypt

67a4ea0f-a626-4118-b393-80fb7fdc2175

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All