5.8
High risk

81f79f02756499f04525973b3c1d6e279e4c9e4f7bc9fa1bf34bf9a7c714169e

99813cab5bf4071d7ffbff181af1f5e6.exe

Analysis duration: 85s

Most recent analysis:

File size: 2.4MB
Static detections / dynamic detections: ANDROM ATTRIBUTE BLADABINDI BLUTEAL DANGEROUSSIG DORC DOWNLOADER29 FALSESIGN FTAB HIGH CONFIDENCE HIGHCONFIDENCE HRZQRZ HUYZ HWMAAR8A JVKO KCLOUD KRYPTIK LEFJF MALICIOUS PE MALWARE@#3I0RAFTYMPQMJ O3RWAMRGDIU SAVE SCORE STATIC AI SUSGEN TSCOPE UNSAFE ZEMSILF ZO1@AUC651JI
鹰眼引擎 (Eagle Eye engine)
Not detected (no 鹰眼引擎 results available yet)
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee | Trojan-FTAB!99813CAB5BF4 | 20210226 | 6.0.6.653
Alibaba | Backdoor:MSIL/Bluteal.43b5aa77 | 20190527 | 0.3.0.5
Tencent | Win32.Trojan.Falsesign.Huyz | 20210226 | 1.0.0.1
Baidu | | 20190318 | 1.0.0.2
Kingsoft | Win32.Hack.Undef.(kcloud) | 20210226 | 2017.9.26.565
Avast | Win32:DangerousSig [Trj] | 20210226 | 21.1.5827.0
CrowdStrike | | 20210203 | 1.0
Static indicators
Checks if the process is being debugged by a debugger (2 events)
Time & API Arguments Status Return Repeated
1619781070.905681
IsDebuggerPresent
failed 0 0
1619781070.905681
IsDebuggerPresent
failed 0 0
This executable is signed
Checks the amount of memory in the system; this can be used to detect virtual machines that have a small amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619781070.952681
GlobalMemoryStatusEx
success 1 0
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (47 events)
Time & API Arguments Status Return Repeated
1619781070.311681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 1835008
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00c00000
success 0 0
1619781070.311681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00d80000
success 0 0
1619781070.561681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 1179648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x007a0000
success 0 0
1619781070.561681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00880000
success 0 0
1619781070.655681
NtProtectVirtualMemory
process_identifier: 2200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e71000
success 0 0
1619781070.905681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 1245184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00a20000
success 0 0
1619781070.905681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00b10000
success 0 0
1619781070.921681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002da000
success 0 0
1619781070.921681
NtProtectVirtualMemory
process_identifier: 2200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73e72000
success 0 0
1619781070.921681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002d2000
success 0 0
1619781071.233681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002e2000
success 0 0
1619781071.311681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00305000
success 0 0
1619781071.311681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0030b000
success 0 0
1619781071.311681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00307000
success 0 0
1619781071.546681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002e3000
success 0 0
1619781071.577681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002ec000
success 0 0
1619781071.655681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00870000
success 0 0
1619781071.889681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002e4000
success 0 0
1619781071.905681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002e5000
success 0 0
1619781072.592681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00871000
success 0 0
1619781072.608681
NtProtectVirtualMemory
process_identifier: 2200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00000000
failed 3221225496 0
1619781072.967681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002e6000
success 0 0
1619781074.092681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0dd60000
success 0 0
1619781074.092681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 5521408
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0dd61000
success 0 0
1619781074.733681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002e7000
success 0 0
1619781074.764681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002f6000
success 0 0
1619781074.764681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002e8000
success 0 0
1619781074.764681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002e9000
success 0 0
1619781074.780681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0e2a5000
success 0 0
1619781074.967681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002fa000
success 0 0
1619781074.967681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002f7000
success 0 0
1619781074.983681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0e2a6000
success 0 0
1619781075.014681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00910000
success 0 0
1619781075.046681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0e2a7000
success 0 0
1619781075.077681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0e2a8000
success 0 0
1619781076.077681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002ed000
success 0 0
1619781076.092681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0e2a9000
success 0 0
1619781076.092681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0e2ab000
success 0 0
1619781076.108681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x002dc000
success 0 0
1619781076.124681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0e2ac000
success 0 0
1619781076.124681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0e2af000
success 0 0
1619781076.139681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00911000
success 0 0
1619781076.296681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00912000
success 0 0
1619781076.389681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00b70000
success 0 0
1619781076.452681
NtProtectVirtualMemory
process_identifier: 2200
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x003b0000
success 0 0
1619781076.452681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00913000
success 0 0
1619781076.452681
NtAllocateVirtualMemory
process_identifier: 2200
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00b71000
success 0 0
Checks the Locally Unique Identifier on the system for a suspicious privilege (1 event)
Time & API Arguments Status Return Repeated
1619781076.436681
LookupPrivilegeValueW
system_name:
privilege_name: SeDebugPrivilege
success 1 0
Terminates another process (50 out of 246 events)
Time & API Arguments Status Return Repeated
1619781076.936681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 1176
process_handle: 0x000001fc
failed 0 0
1619781076.936681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 1176
process_handle: 0x000001fc
success 0 0
1619781077.342681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 1564
process_handle: 0x0000020c
failed 0 0
1619781077.342681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 1564
process_handle: 0x0000020c
success 0 0
1619781077.811681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 2632
process_handle: 0x00000214
failed 0 0
1619781077.811681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 2632
process_handle: 0x00000214
success 0 0
1619781078.342681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 2116
process_handle: 0x0000021c
failed 0 0
1619781078.342681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 2116
process_handle: 0x0000021c
success 0 0
1619781078.936681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 1948
process_handle: 0x00000224
failed 0 0
1619781078.936681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 1948
process_handle: 0x00000224
success 0 0
1619781079.374681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 2288
process_handle: 0x0000022c
failed 0 0
1619781079.374681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 2288
process_handle: 0x0000022c
success 0 0
1619781079.827681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 1908
process_handle: 0x00000234
failed 0 0
1619781079.827681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 1908
process_handle: 0x00000234
success 0 0
1619781080.280681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 2428
process_handle: 0x0000023c
failed 0 0
1619781080.280681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 2428
process_handle: 0x0000023c
success 0 0
1619781080.796681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 624
process_handle: 0x00000244
failed 0 0
1619781080.796681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 624
process_handle: 0x00000244
success 0 0
1619781081.217681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3128
process_handle: 0x0000024c
failed 0 0
1619781081.217681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3128
process_handle: 0x0000024c
success 0 0
1619781081.702681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3188
process_handle: 0x00000254
failed 0 0
1619781081.702681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3188
process_handle: 0x00000254
success 0 0
1619781082.186681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3252
process_handle: 0x0000025c
failed 0 0
1619781082.186681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3252
process_handle: 0x0000025c
success 0 0
1619781082.639681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3312
process_handle: 0x00000264
failed 0 0
1619781082.639681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3312
process_handle: 0x00000264
success 0 0
1619781083.124681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3372
process_handle: 0x0000026c
failed 0 0
1619781083.124681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3372
process_handle: 0x0000026c
success 0 0
1619781083.624681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3432
process_handle: 0x00000274
failed 0 0
1619781083.624681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3432
process_handle: 0x00000274
success 0 0
1619781084.092681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3492
process_handle: 0x0000027c
failed 0 0
1619781084.092681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3492
process_handle: 0x0000027c
success 0 0
1619781084.577681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3552
process_handle: 0x00000284
failed 0 0
1619781084.577681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3552
process_handle: 0x00000284
success 0 0
1619781085.061681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3612
process_handle: 0x0000028c
failed 0 0
1619781085.061681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3612
process_handle: 0x0000028c
success 0 0
1619781085.530681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3676
process_handle: 0x00000294
failed 0 0
1619781085.530681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3676
process_handle: 0x00000294
success 0 0
1619781085.999681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3744
process_handle: 0x0000029c
failed 0 0
1619781085.999681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3744
process_handle: 0x0000029c
success 0 0
1619781086.436681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3804
process_handle: 0x000002a4
failed 0 0
1619781086.436681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3804
process_handle: 0x000002a4
success 0 0
1619781086.936681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3864
process_handle: 0x000002ac
failed 0 0
1619781086.936681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3864
process_handle: 0x000002ac
success 0 0
1619781087.342681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3924
process_handle: 0x000002b4
failed 0 0
1619781087.342681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3924
process_handle: 0x000002b4
success 0 0
1619781087.811681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3984
process_handle: 0x000002bc
failed 0 0
1619781087.811681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 3984
process_handle: 0x000002bc
success 0 0
1619781088.217681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 4044
process_handle: 0x000002c4
failed 0 0
1619781088.217681
NtTerminateProcess
status_code: 0xffffffff
process_identifier: 4044
process_handle: 0x000002c4
success 0 0
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Allocates execute permission in another process, indicative of possible code injection (50 out of 124 events)
Time & API Arguments Status Return Repeated
1619781076.530681
NtAllocateVirtualMemory
process_identifier: 1176
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001f4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781077.030681
NtAllocateVirtualMemory
process_identifier: 1564
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001f8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781077.452681
NtAllocateVirtualMemory
process_identifier: 2632
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000208
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781077.905681
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000210
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781078.546681
NtAllocateVirtualMemory
process_identifier: 1948
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000218
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781079.046681
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000220
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781079.467681
NtAllocateVirtualMemory
process_identifier: 1908
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000228
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781079.952681
NtAllocateVirtualMemory
process_identifier: 2428
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000230
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781080.405681
NtAllocateVirtualMemory
process_identifier: 624
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000238
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781080.921681
NtAllocateVirtualMemory
process_identifier: 3128
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000240
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781081.342681
NtAllocateVirtualMemory
process_identifier: 3188
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000248
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781081.842681
NtAllocateVirtualMemory
process_identifier: 3252
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000250
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781082.311681
NtAllocateVirtualMemory
process_identifier: 3312
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000258
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781082.749681
NtAllocateVirtualMemory
process_identifier: 3372
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000260
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781083.249681
NtAllocateVirtualMemory
process_identifier: 3432
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000268
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781083.749681
NtAllocateVirtualMemory
process_identifier: 3492
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000270
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781084.233681
NtAllocateVirtualMemory
process_identifier: 3552
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000278
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781084.717681
NtAllocateVirtualMemory
process_identifier: 3612
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000280
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781085.171681
NtAllocateVirtualMemory
process_identifier: 3676
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000288
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781085.624681
NtAllocateVirtualMemory
process_identifier: 3744
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000290
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781086.139681
NtAllocateVirtualMemory
process_identifier: 3804
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000298
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781086.561681
NtAllocateVirtualMemory
process_identifier: 3864
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781087.046681
NtAllocateVirtualMemory
process_identifier: 3924
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781087.483681
NtAllocateVirtualMemory
process_identifier: 3984
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781087.921681
NtAllocateVirtualMemory
process_identifier: 4044
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781088.358681
NtAllocateVirtualMemory
process_identifier: 3092
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002c0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781088.874681
NtAllocateVirtualMemory
process_identifier: 3172
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002c8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781089.327681
NtAllocateVirtualMemory
process_identifier: 3224
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002d0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781089.733681
NtAllocateVirtualMemory
process_identifier: 3280
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002d8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781090.217681
NtAllocateVirtualMemory
process_identifier: 1816
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002e0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781090.686681
NtAllocateVirtualMemory
process_identifier: 3472
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002e8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781091.171681
NtAllocateVirtualMemory
process_identifier: 3580
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002f0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781091.592681
NtAllocateVirtualMemory
process_identifier: 3696
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002f8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781092.077681
NtAllocateVirtualMemory
process_identifier: 3776
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000300
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781092.499681
NtAllocateVirtualMemory
process_identifier: 3880
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000308
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781092.983681
NtAllocateVirtualMemory
process_identifier: 3972
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000310
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781093.436681
NtAllocateVirtualMemory
process_identifier: 4072
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000318
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781093.905681
NtAllocateVirtualMemory
process_identifier: 3108
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000320
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781094.421681
NtAllocateVirtualMemory
process_identifier: 420
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000328
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781094.858681
NtAllocateVirtualMemory
process_identifier: 3340
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000330
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781095.296681
NtAllocateVirtualMemory
process_identifier: 3512
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000338
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781095.796681
NtAllocateVirtualMemory
process_identifier: 3656
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000340
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781096.264681
NtAllocateVirtualMemory
process_identifier: 3824
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000348
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781096.717681
NtAllocateVirtualMemory
process_identifier: 3996
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000350
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781097.186681
NtAllocateVirtualMemory
process_identifier: 2964
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000358
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781097.639681
NtAllocateVirtualMemory
process_identifier: 3004
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000360
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781098.061681
NtAllocateVirtualMemory
process_identifier: 3416
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000368
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781098.546681
NtAllocateVirtualMemory
process_identifier: 3704
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000370
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781099.014681
NtAllocateVirtualMemory
process_identifier: 3936
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000378
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781099.483681
NtAllocateVirtualMemory
process_identifier: 2956
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000380
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
Manipulates memory of a non-child process indicative of process injection (showing 50 of 248 events)
Note: "non-child" is the sandbox's signature wording; the PIDs listed here are the same suspended copies of the sample that PID 2200 spawns under the next signature. Every NtAllocateVirtualMemory below asks for PAGE_EXECUTE_READWRITE at base 0x00400000 inside such a child and fails with 3221225496 = 0xC0000018, STATUS_CONFLICTING_ADDRESSES: the child's own image already occupies that range, and no NtUnmapViewOfSection precedes the allocation in the excerpt shown.
Process injection Process 2200 manipulating memory of non-child process 1176
Process injection Process 2200 manipulating memory of non-child process 1564
Process injection Process 2200 manipulating memory of non-child process 2632
Process injection Process 2200 manipulating memory of non-child process 2116
Process injection Process 2200 manipulating memory of non-child process 1948
Process injection Process 2200 manipulating memory of non-child process 2288
Process injection Process 2200 manipulating memory of non-child process 1908
Process injection Process 2200 manipulating memory of non-child process 2428
Process injection Process 2200 manipulating memory of non-child process 624
Process injection Process 2200 manipulating memory of non-child process 3128
Process injection Process 2200 manipulating memory of non-child process 3188
Process injection Process 2200 manipulating memory of non-child process 3252
Process injection Process 2200 manipulating memory of non-child process 3312
Process injection Process 2200 manipulating memory of non-child process 3372
Process injection Process 2200 manipulating memory of non-child process 3432
Process injection Process 2200 manipulating memory of non-child process 3492
Process injection Process 2200 manipulating memory of non-child process 3552
Process injection Process 2200 manipulating memory of non-child process 3612
Process injection Process 2200 manipulating memory of non-child process 3676
Process injection Process 2200 manipulating memory of non-child process 3744
Process injection Process 2200 manipulating memory of non-child process 3804
Process injection Process 2200 manipulating memory of non-child process 3864
Process injection Process 2200 manipulating memory of non-child process 3924
Process injection Process 2200 manipulating memory of non-child process 3984
Process injection Process 2200 manipulating memory of non-child process 4044
Time & API Arguments Status Return Repeated
1619781076.530681
NtAllocateVirtualMemory
process_identifier: 1176
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001f4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781077.030681
NtAllocateVirtualMemory
process_identifier: 1564
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001f8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781077.452681
NtAllocateVirtualMemory
process_identifier: 2632
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000208
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781077.905681
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000210
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781078.546681
NtAllocateVirtualMemory
process_identifier: 1948
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000218
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781079.046681
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000220
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781079.467681
NtAllocateVirtualMemory
process_identifier: 1908
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000228
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781079.952681
NtAllocateVirtualMemory
process_identifier: 2428
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000230
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781080.405681
NtAllocateVirtualMemory
process_identifier: 624
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000238
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781080.921681
NtAllocateVirtualMemory
process_identifier: 3128
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000240
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781081.342681
NtAllocateVirtualMemory
process_identifier: 3188
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000248
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781081.842681
NtAllocateVirtualMemory
process_identifier: 3252
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000250
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781082.311681
NtAllocateVirtualMemory
process_identifier: 3312
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000258
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781082.749681
NtAllocateVirtualMemory
process_identifier: 3372
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000260
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781083.249681
NtAllocateVirtualMemory
process_identifier: 3432
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000268
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781083.749681
NtAllocateVirtualMemory
process_identifier: 3492
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000270
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781084.233681
NtAllocateVirtualMemory
process_identifier: 3552
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000278
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781084.717681
NtAllocateVirtualMemory
process_identifier: 3612
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000280
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781085.171681
NtAllocateVirtualMemory
process_identifier: 3676
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000288
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781085.624681
NtAllocateVirtualMemory
process_identifier: 3744
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000290
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781086.139681
NtAllocateVirtualMemory
process_identifier: 3804
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000298
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781086.561681
NtAllocateVirtualMemory
process_identifier: 3864
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781087.046681
NtAllocateVirtualMemory
process_identifier: 3924
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002a8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781087.483681
NtAllocateVirtualMemory
process_identifier: 3984
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b0
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781087.921681
NtAllocateVirtualMemory
process_identifier: 4044
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000002b8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
Executed a process and injected code into it, probably while unpacking (showing 50 of 375 events)
Note: the repeating triple below is the process-hollowing (RunPE) setup. CreateProcessInternalW launches the sample's own file with creation_flags 134217732 = 0x08000004 (CREATE_NO_WINDOW | CREATE_SUSPENDED), NtGetContextThread reads the suspended primary thread's context, and NtAllocateVirtualMemory requests an RWX region at the child's image base 0x00400000. The allocation fails in every instance shown, after which the parent spawns another suspended copy roughly every half second. The three NtResumeThread calls at the top are on the sample's own PID 2200 and precede the first spawn by several seconds.
Time & API Arguments Status Return Repeated
1619781070.905681
NtResumeThread
thread_handle: 0x000000dc
suspend_count: 1
process_identifier: 2200
success 0 0
1619781070.936681
NtResumeThread
thread_handle: 0x00000128
suspend_count: 1
process_identifier: 2200
success 0 0
1619781071.014681
NtResumeThread
thread_handle: 0x0000012c
suspend_count: 1
process_identifier: 2200
success 0 0
1619781076.530681
CreateProcessInternalW
thread_identifier: 3044
thread_handle: 0x000001f0
process_identifier: 1176
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x000001f4
inherit_handles: 0
success 1 0
1619781076.530681
NtGetContextThread
thread_handle: 0x000001f0
success 0 0
1619781076.530681
NtAllocateVirtualMemory
process_identifier: 1176
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001f4
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781077.030681
CreateProcessInternalW
thread_identifier: 2560
thread_handle: 0x000001fc
process_identifier: 1564
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x000001f8
inherit_handles: 0
success 1 0
1619781077.030681
NtGetContextThread
thread_handle: 0x000001fc
success 0 0
1619781077.030681
NtAllocateVirtualMemory
process_identifier: 1564
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x000001f8
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781077.452681
CreateProcessInternalW
thread_identifier: 884
thread_handle: 0x0000020c
process_identifier: 2632
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000208
inherit_handles: 0
success 1 0
1619781077.452681
NtGetContextThread
thread_handle: 0x0000020c
success 0 0
1619781077.452681
NtAllocateVirtualMemory
process_identifier: 2632
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000208
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781077.905681
CreateProcessInternalW
thread_identifier: 1380
thread_handle: 0x00000214
process_identifier: 2116
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000210
inherit_handles: 0
success 1 0
1619781077.905681
NtGetContextThread
thread_handle: 0x00000214
success 0 0
1619781077.905681
NtAllocateVirtualMemory
process_identifier: 2116
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000210
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781078.546681
CreateProcessInternalW
thread_identifier: 1888
thread_handle: 0x0000021c
process_identifier: 1948
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000218
inherit_handles: 0
success 1 0
1619781078.546681
NtGetContextThread
thread_handle: 0x0000021c
success 0 0
1619781078.546681
NtAllocateVirtualMemory
process_identifier: 1948
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000218
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781079.046681
CreateProcessInternalW
thread_identifier: 200
thread_handle: 0x00000224
process_identifier: 2288
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000220
inherit_handles: 0
success 1 0
1619781079.046681
NtGetContextThread
thread_handle: 0x00000224
success 0 0
1619781079.046681
NtAllocateVirtualMemory
process_identifier: 2288
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000220
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781079.467681
CreateProcessInternalW
thread_identifier: 2656
thread_handle: 0x0000022c
process_identifier: 1908
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000228
inherit_handles: 0
success 1 0
1619781079.467681
NtGetContextThread
thread_handle: 0x0000022c
success 0 0
1619781079.467681
NtAllocateVirtualMemory
process_identifier: 1908
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000228
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781079.952681
CreateProcessInternalW
thread_identifier: 1476
thread_handle: 0x00000234
process_identifier: 2428
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000230
inherit_handles: 0
success 1 0
1619781079.952681
NtGetContextThread
thread_handle: 0x00000234
success 0 0
1619781079.952681
NtAllocateVirtualMemory
process_identifier: 2428
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000230
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781080.405681
CreateProcessInternalW
thread_identifier: 796
thread_handle: 0x0000023c
process_identifier: 624
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000238
inherit_handles: 0
success 1 0
1619781080.405681
NtGetContextThread
thread_handle: 0x0000023c
success 0 0
1619781080.405681
NtAllocateVirtualMemory
process_identifier: 624
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000238
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781080.921681
CreateProcessInternalW
thread_identifier: 3132
thread_handle: 0x00000244
process_identifier: 3128
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000240
inherit_handles: 0
success 1 0
1619781080.921681
NtGetContextThread
thread_handle: 0x00000244
success 0 0
1619781080.921681
NtAllocateVirtualMemory
process_identifier: 3128
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000240
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781081.327681
CreateProcessInternalW
thread_identifier: 3192
thread_handle: 0x0000024c
process_identifier: 3188
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000248
inherit_handles: 0
success 1 0
1619781081.327681
NtGetContextThread
thread_handle: 0x0000024c
success 0 0
1619781081.342681
NtAllocateVirtualMemory
process_identifier: 3188
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000248
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781081.842681
CreateProcessInternalW
thread_identifier: 3256
thread_handle: 0x00000254
process_identifier: 3252
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000250
inherit_handles: 0
success 1 0
1619781081.842681
NtGetContextThread
thread_handle: 0x00000254
success 0 0
1619781081.842681
NtAllocateVirtualMemory
process_identifier: 3252
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000250
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781082.311681
CreateProcessInternalW
thread_identifier: 3316
thread_handle: 0x0000025c
process_identifier: 3312
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000258
inherit_handles: 0
success 1 0
1619781082.311681
NtGetContextThread
thread_handle: 0x0000025c
success 0 0
1619781082.311681
NtAllocateVirtualMemory
process_identifier: 3312
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000258
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781082.749681
CreateProcessInternalW
thread_identifier: 3376
thread_handle: 0x00000264
process_identifier: 3372
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000260
inherit_handles: 0
success 1 0
1619781082.749681
NtGetContextThread
thread_handle: 0x00000264
success 0 0
1619781082.749681
NtAllocateVirtualMemory
process_identifier: 3372
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000260
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781083.249681
CreateProcessInternalW
thread_identifier: 3436
thread_handle: 0x0000026c
process_identifier: 3432
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000268
inherit_handles: 0
success 1 0
1619781083.249681
NtGetContextThread
thread_handle: 0x0000026c
success 0 0
1619781083.249681
NtAllocateVirtualMemory
process_identifier: 3432
region_size: 188416
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000268
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00400000
failed 3221225496 0
1619781083.749681
CreateProcessInternalW
thread_identifier: 3496
thread_handle: 0x00000274
process_identifier: 3492
current_directory:
filepath: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
track: 1
command_line:
filepath_r: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\99813cab5bf4071d7ffbff181af1f5e6.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
process_handle: 0x00000270
inherit_handles: 0
success 1 0
1619781083.749681
NtGetContextThread
thread_handle: 0x00000274
success 0 0
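The chain described above can be checked mechanically. The following Python is an added example, not code from the sandbox, the report or the sample: it triages records in the flattened shape this report prints and flags a child only when all three steps are present (suspended creation, context read of that child's thread, executable allocation inside the child), decoding the decimal NTSTATUS into its symbolic name. RECORDS is constructed by hand; the values for children 1176 and 1564 are copied from the report, and the final read-write allocation is an invented control case that must not be flagged. The NTSTATUS table only holds the two codes that occur here and is an assumption to be extended as needed.

```python
"""Flag the process-hollowing (RunPE) call chain in Cuckoo-style API records.

Added example; not code from the sandbox, the report, or the sample. RECORDS
is constructed by hand in the flattened shape the report prints; the PIDs,
handles, sizes and return values for children 1176 and 1564 are copied from
the report, the final RW allocation is invented as a benign control case.
"""
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004
CREATE_NO_WINDOW = 0x08000000
EXECUTE_MASK = 0xF0          # PAGE_EXECUTE .. PAGE_EXECUTE_WRITECOPY (0x10..0x80)
NTSTATUS = {                 # only the codes needed here (assumption: extend as required)
    0x00000000: "STATUS_SUCCESS",
    0xC0000018: "STATUS_CONFLICTING_ADDRESSES",
}
SAMPLE = (r"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp"
          r"\99813cab5bf4071d7ffbff181af1f5e6.exe")

RECORDS = [
    {"api": "CreateProcessInternalW", "process_identifier": 1176, "thread_handle": 0x1F0,
     "process_handle": 0x1F4, "filepath": SAMPLE, "creation_flags": 134217732, "return": 1},
    {"api": "NtGetContextThread", "thread_handle": 0x1F0, "return": 0},
    {"api": "NtAllocateVirtualMemory", "process_identifier": 1176, "base_address": 0x00400000,
     "region_size": 188416, "protection": 64, "return": 3221225496},
    {"api": "CreateProcessInternalW", "process_identifier": 1564, "thread_handle": 0x1FC,
     "process_handle": 0x1F8, "filepath": SAMPLE, "creation_flags": 134217732, "return": 1},
    {"api": "NtGetContextThread", "thread_handle": 0x1FC, "return": 0},
    {"api": "NtAllocateVirtualMemory", "process_identifier": 1564, "base_address": 0x00400000,
     "region_size": 188416, "protection": 64, "return": 3221225496},
    # constructed control case: a plain RW allocation in the parent, must not be flagged
    {"api": "NtAllocateVirtualMemory", "process_identifier": 2200, "base_address": 0x00D90000,
     "region_size": 4096, "protection": 4, "return": 0},
]


def ntstatus_name(ret):
    """Render the decimal NTSTATUS the report prints as hex plus symbolic name."""
    code = ret & 0xFFFFFFFF
    return f"0x{code:08X} ({NTSTATUS.get(code, 'unknown NTSTATUS')})"


def creation_flag_names(flags):
    """Decode the creation_flags bitmask of CreateProcessInternalW."""
    table = (("CREATE_SUSPENDED", CREATE_SUSPENDED), ("CREATE_NO_WINDOW", CREATE_NO_WINDOW))
    return [name for name, bit in table if flags & bit]


@dataclass
class Finding:
    pid: int            # the suspended child that was targeted
    self_spawn: bool    # child is a copy of the sample's own file
    alloc_base: int     # requested base of the executable region
    alloc_status: str   # decoded NTSTATUS of that allocation
    outcome: str


def find_hollowing(records, self_path=SAMPLE):
    """Return one Finding per child that went through the full setup chain."""
    # Phase 1: every process started suspended is a hollowing candidate.
    cand = {}
    for r in records:
        if (r["api"] == "CreateProcessInternalW" and r["return"]
                and r["creation_flags"] & CREATE_SUSPENDED):
            cand[r["process_identifier"]] = {"thread": r["thread_handle"], "ctx": False,
                                             "self": r["filepath"] == self_path, "alloc": None}
    # Phase 2: context read on that child's primary thread, then an
    # executable allocation inside the child.
    for r in records:
        if r["api"] == "NtGetContextThread":
            for c in cand.values():
                if c["thread"] == r["thread_handle"]:
                    c["ctx"] = True
        elif (r["api"] == "NtAllocateVirtualMemory" and r["process_identifier"] in cand
                and r["protection"] & EXECUTE_MASK):
            cand[r["process_identifier"]]["alloc"] = r
    findings = []
    for pid, c in cand.items():
        if not (c["ctx"] and c["alloc"]):
            continue
        code = c["alloc"]["return"] & 0xFFFFFFFF
        failed = bool(code & 0x80000000)     # NTSTATUS: high bit set = warning/error
        findings.append(Finding(
            pid, c["self"], c["alloc"]["base_address"], ntstatus_name(c["alloc"]["return"]),
            "executable allocation in child failed" if failed
            else "executable region allocated in child"))
    return findings


if __name__ == "__main__":
    for f in find_hollowing(RECORDS):
        print(f)
```

Matching on the thread handle returned by CreateProcessInternalW rather than on the PID is deliberate: NtGetContextThread carries no process identifier in this report, and the handle is what the sample actually reuses. Handles are recycled by the kernel, so on a long trace the candidate entry should also be retired once the child exits or its handle is closed.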
File has been identified by 41 AntiVirus engines on VirusTotal as malicious (41 events)
Elastic malicious (high confidence)
DrWeb Trojan.DownLoader29.2373
FireEye Generic.mg.99813cab5bf4071d
McAfee Trojan-FTAB!99813CAB5BF4
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0056acbe1 )
K7GW Trojan ( 0056acbe1 )
Cybereason malicious.ac1978
BitDefenderTheta Gen:NN.ZemsilF.34590.zo1@auC651ji
Cyren W32/Trojan.JVKO-1284
Symantec ML.Attribute.HighConfidence
Paloalto generic.ml
Kaspersky HEUR:Backdoor.MSIL.Androm.gen
Alibaba Backdoor:MSIL/Bluteal.43b5aa77
NANO-Antivirus Trojan.Win32.Androm.hrzqrz
Tencent Win32.Trojan.Falsesign.Huyz
Comodo Malware@#3i0raftympqmj
F-Secure Trojan.TR/Kryptik.lefjf
Zillya Trojan.Kryptik.Win32.2371414
Sophos Mal/Generic-S
Ikarus Trojan.Inject
Jiangmin Backdoor.MSIL.dorc
Avira TR/Kryptik.lefjf
Antiy-AVL Trojan[Backdoor]/MSIL.Androm
Kingsoft Win32.Hack.Undef.(kcloud)
ZoneAlarm HEUR:Backdoor.MSIL.Androm.gen
Cynet Malicious (score: 85)
AhnLab-V3 Malware/Win32.RL_Generic.C4178150
VBA32 TScope.Trojan.MSIL
Malwarebytes Backdoor.Bladabindi
Panda Trj/CI.A
APEX Malicious
ESET-NOD32 a variant of MSIL/Kryptik.XIQ
Yandex Trojan.Kryptik!o3rWAmrGdiU
SentinelOne Static AI - Malicious PE
Fortinet MSIL/Kryptik.XIQ!tr
MaxSecure Trojan.Malware.73691364.susgen
AVG Win32:DangerousSig [Trj]
Avast Win32:DangerousSig [Trj]
Qihoo-360 Win32/Trojan.Kryptik.HwMAar8A
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample.
Runtime screenshots
No screenshots: no screenshots were captured while the sample ran.

PE Compile Time

2019-11-13 12:33:14

Imports

Library mscoree.dll:
0x402000 _CorExeMain

A lone _CorExeMain import from mscoree.dll is the loader stub of a .NET executable: the native import table holds nothing else and the real code is managed CIL, which is why the engines above label the file MSIL. The import's address 0x402000 also fits the 0x00400000 image base that the hollowing attempts target.

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

The flows below are ordinary Windows background traffic for a sandbox VM: DNS to 114.114.114.114 (a Chinese public resolver), NBNS broadcasts on 137/138, NTP to time.windows.com, LLMNR to 224.0.0.252:5355 and SSDP/WS-Discovery to 239.255.255.250 on 1900/3702. The DNS query names are not recorded in this report, so it does not show whether the sample tried to resolve a command-and-control host.

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 49236 239.255.255.250 3702
192.168.56.101 58368 239.255.255.250 3702
192.168.56.101 58707 239.255.255.250 3702
192.168.56.101 62196 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.