Summary | ZeroBOX


Generic Malware
Category FILE
Machine s1_win7_x6403_us
Started May 2, 2025, 3:26 a.m.
Completed May 2, 2025, 3:28 a.m.
Size 5.6KB
Type RIFF (little-endian) data, Web/P image
MD5 6d1187023440f00e521e16ba9f34d443
SHA256 8e640ff1989bcdf72f065ac30ec8fe47bee7d9c314600c8da0256154f3dd4c05
CRC32 539705DC
ssdeep 96:EqoRlJXXUrTBElnXbH78t6gnmQsqnvlI9prMKH7GbTGyIBQYtg9IHCOM:cxiClXbSRmQsuvlGXex7YwIHQ
Yara None matched

  • cmd.exe (PID 1836) "C:\Windows\System32\cmd.exe" /c start /wait "HovzaPxe" C:\Users\test22\AppData\Local\Temp\icon-www-150x150.png.webp
    • chrome.exe (PID 2072) "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\test22\AppData\Local\Temp\icon-www-150x150.png.webp
      • chrome.exe (PID 2176) "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3e46e00,0x7fef3e46e10,0x7fef3e46e20

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

(the IsDebuggerPresent entry above is recorded 22 times in the log with identical status and return values)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
file C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Locales
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x8d65cc
0x98000a
0x30 (this same frame value is repeated for the remaining 62 entries of the stack trace)

exception.instruction_r: 31 02 00 00 3d 3a 00 00 09 04 2a 00 02 00 01 00
exception.instruction: xor dword ptr [rdx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8d65cc
registers.r14: 258665704
registers.r15: 83561712
registers.rcx: 1408
registers.rsi: 17302540
registers.r10: 0
registers.rbx: 258664960
registers.rsp: 258664680
registers.r11: 258668576
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 1400
registers.r12: 258665320
registers.rbp: 258664816
registers.rdi: 83597488
registers.rax: 9961472
registers.r13: 83601888
1 0 0
Application Crash Process chrome.exe with pid 2072 crashed
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x8d65cc
0x98000a
0x30 (this same frame value is repeated for the remaining 62 entries of the stack trace)

exception.instruction_r: 31 02 00 00 3d 3a 00 00 09 04 2a 00 02 00 01 00
exception.instruction: xor dword ptr [rdx], eax
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8d65cc
registers.r14: 258665704
registers.r15: 83561712
registers.rcx: 1408
registers.rsi: 17302540
registers.r10: 0
registers.rbx: 258664960
registers.rsp: 258664680
registers.r11: 258668576
registers.r8: 2004779404
registers.r9: 0
registers.rdx: 1400
registers.r12: 258665320
registers.rbp: 258664816
registers.rdi: 83597488
registers.rax: 9961472
registers.r13: 83601888
1 0 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports\6953ba70-7801-4a91-9e67-ca82aac83a3b.dmp
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Last Version
file C:\Users\test22\AppData\Local\Google\Chrome\User Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6813CBBF-818.pma
Time & API Arguments Status Return Repeated

NtTerminateProcess

status_code: 0xc0000005
process_identifier: 2072
process_handle: 0x00000000000000bc
0 0

NtTerminateProcess

status_code: 0xc0000005
process_identifier: 2072
process_handle: 0x00000000000000bc
1 0 0
parent_process chrome.exe martian_process "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1020,5213432501295943320,5519084043955705101,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1032 /prefetch:2
parent_process chrome.exe martian_process "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef3e46e00,0x7fef3e46e10,0x7fef3e46e20
Process injection Process 2176 resumed a thread in remote process 2072
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x000000000000011c
suspend_count: 2
process_identifier: 2072
1 0 0

(the NtResumeThread entry above is recorded 21 times in the log with identical arguments, status and return values)