File random.exe

Size 1.8MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4208cb745b3416b4cabe99cf5bfd5471
SHA1 e42b11e63bbde6a1a11cb3ce82787f0ff33b679e
SHA256 14048c09f2c87e6af49e49f4e6770fd0a1641088f619fb8abcc0d94bf9150670
SHA512 2282f89b333be041c5e106dffa49f7afd911dae3b44cd8746ece2bfcb7cb8f6bce57f7c8ae1b1d5ce8c90f7c96730847c851a2cd68114c87fcf904348714b88d
CRC32 156E379E
ssdeep None
Yara None matched

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category FILE
Started Dec. 14, 2024, 5:08 p.m.
Completed Dec. 14, 2024, 5:15 p.m.
Duration 431 seconds
Routing internet

Analyzer Log

2024-12-11 11:49:03,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpriinqn
2024-12-11 11:49:03,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\xCagOszfjGaSmXZG
2024-12-11 11:49:03,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\tSVZeoQyvNuVGmrJslZOMv
2024-12-11 11:49:03,483 [analyzer] DEBUG: Started auxiliary module Curtain
2024-12-11 11:49:03,483 [analyzer] DEBUG: Started auxiliary module DbgView
2024-12-11 11:49:04,015 [analyzer] DEBUG: Started auxiliary module Disguise
2024-12-11 11:49:04,265 [analyzer] DEBUG: Loaded monitor into process with pid 512
2024-12-11 11:49:04,265 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2024-12-11 11:49:04,265 [analyzer] DEBUG: Started auxiliary module Human
2024-12-11 11:49:04,265 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2024-12-11 11:49:04,280 [analyzer] DEBUG: Started auxiliary module Reboot
2024-12-11 11:49:04,421 [analyzer] DEBUG: Started auxiliary module RecentFiles
2024-12-11 11:49:04,421 [analyzer] DEBUG: Started auxiliary module Screenshots
2024-12-11 11:49:04,421 [analyzer] DEBUG: Started auxiliary module Sysmon
2024-12-11 11:49:04,421 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2024-12-11 11:49:04,592 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\random.exe' with arguments '' and pid 2988
2024-12-11 11:49:04,750 [analyzer] DEBUG: Loaded monitor into process with pid 2988
2024-12-11 11:49:05,592 [analyzer] INFO: Process with pid 2988 has terminated
2024-12-11 11:49:05,592 [analyzer] INFO: Process list is empty, terminating analysis.
2024-12-11 11:49:06,765 [analyzer] INFO: Terminating remaining processes before shutdown.
2024-12-11 11:49:06,765 [analyzer] INFO: Analysis completed.

Cuckoo Log

2024-12-14 17:08:38,598 [cuckoo.core.scheduler] DEBUG: Task #5654458: no machine available yet
2024-12-14 17:10:25,162 [cuckoo.core.scheduler] INFO: Task #5654458: acquired machine win7x6426 (label=win7x6426)
2024-12-14 17:10:25,163 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.226 for task #5654458
2024-12-14 17:10:25,536 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 245777 (interface=vboxnet0, host=192.168.168.226)
2024-12-14 17:10:27,310 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6426
2024-12-14 17:10:27,987 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6426 to vmcloak
2024-12-14 17:12:36,640 [cuckoo.core.guest] INFO: Starting analysis #5654458 on guest (id=win7x6426, ip=192.168.168.226)
2024-12-14 17:12:37,647 [cuckoo.core.guest] DEBUG: win7x6426: not ready yet
2024-12-14 17:12:42,686 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6426, ip=192.168.168.226)
2024-12-14 17:12:42,858 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6426, ip=192.168.168.226, monitor=latest, size=6660546)
2024-12-14 17:12:44,922 [cuckoo.core.resultserver] DEBUG: Task #5654458: live log analysis.log initialized.
2024-12-14 17:12:46,132 [cuckoo.core.resultserver] DEBUG: Task #5654458 is sending a BSON stream
2024-12-14 17:12:46,620 [cuckoo.core.resultserver] DEBUG: Task #5654458 is sending a BSON stream
2024-12-14 17:12:47,480 [cuckoo.core.resultserver] DEBUG: Task #5654458: File upload for 'shots/0001.jpg'
2024-12-14 17:12:47,498 [cuckoo.core.resultserver] DEBUG: Task #5654458 uploaded file length: 133456
2024-12-14 17:12:48,597 [cuckoo.core.resultserver] DEBUG: Task #5654458: File upload for 'curtain/1733914146.66.curtain.log'
2024-12-14 17:12:48,601 [cuckoo.core.resultserver] DEBUG: Task #5654458 uploaded file length: 36
2024-12-14 17:12:48,697 [cuckoo.core.resultserver] DEBUG: Task #5654458: File upload for 'sysmon/1733914146.75.sysmon.xml'
2024-12-14 17:12:48,704 [cuckoo.core.resultserver] DEBUG: Task #5654458 uploaded file length: 311310
2024-12-14 17:12:49,593 [cuckoo.core.resultserver] DEBUG: Task #5654458 had connection reset for <Context for LOG>
2024-12-14 17:12:50,391 [cuckoo.core.guest] INFO: win7x6426: analysis completed successfully
2024-12-14 17:12:50,406 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2024-12-14 17:12:50,440 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2024-12-14 17:12:51,432 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6426 to path /srv/cuckoo/cwd/storage/analyses/5654458/memory.dmp
2024-12-14 17:12:51,433 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6426
2024-12-14 17:15:46,207 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.226 for task #5654458
2024-12-14 17:15:46,668 [cuckoo.core.scheduler] DEBUG: Released database task #5654458
2024-12-14 17:15:50,227 [cuckoo.core.scheduler] INFO: Task #5654458: analysis procedure completed

Signatures

Allocates read-write-execute memory (usually to unpack itself) (15 events)
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x778af000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x77820000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2988
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 151552
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x010b1000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00510000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00620000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x008c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x008d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a90000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00aa0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2988
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00a80000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

Checks if process is being debugged by a debugger (1 event)
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)
section \x00
section .idata
section
section kymuzjnt
section zjyqsyrw
section .taggant

One or more processes crashed (50 out of 115 events)
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa5 ntdll+0x39f72 @ 0x77849f72
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xd2 ntdll+0x39f45 @ 0x77849f45

exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc
exception.symbol: random+0x30b0b9
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 3190969
exception.address: 0x13bb0b9
registers.esp: 3471308
registers.edi: 0
registers.eax: 1
registers.ebp: 3471324
registers.edx: 22437888
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb 81 e9 a1 a1 df 6f 81 e9 80 a2 9b 5d 03 0c 24
exception.symbol: random+0x5743d
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 357437
exception.address: 0x110743d
registers.esp: 3471272
registers.edi: 1975320808
registers.eax: 26011
registers.ebp: 4007874580
registers.edx: 17498112
registers.ebx: 1330327383
registers.esi: 3
registers.ecx: 17853857
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb e9 23 07 00 00 8f 04 24 e9 32 06 00 00 31 da
exception.symbol: random+0x56fa4
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 356260
exception.address: 0x1106fa4
registers.esp: 3471276
registers.edi: 1975320808
registers.eax: 235753
registers.ebp: 4007874580
registers.edx: 4294944096
registers.ebx: 1330327383
registers.esi: 3
registers.ecx: 17879868
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb e9 00 00 00 00 53 e9 da f6 ff ff 81 c3 04 00
exception.symbol: random+0x58b07
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 363271
exception.address: 0x1108b07
registers.esp: 3471276
registers.edi: 1259
registers.eax: 26989
registers.ebp: 4007874580
registers.edx: 815440177
registers.ebx: 17861448
registers.esi: 3
registers.ecx: 0
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb 53 89 2c 24 bd 06 f0 9b 67 e9 00 00 00 00 68
exception.symbol: random+0x1d8802
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 1935362
exception.address: 0x1288802
registers.esp: 3471276
registers.edi: 17893873
registers.eax: 28102
registers.ebp: 4007874580
registers.edx: 604292949
registers.ebx: 335872
registers.esi: 19433641
registers.ecx: 0
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb 83 ec 04 89 04 24 b8 a7 60 65 76 35 4f b1 df
exception.symbol: random+0x1ddfad
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 1957805
exception.address: 0x128dfad
registers.esp: 3471272
registers.edi: 19453448
registers.eax: 28911
registers.ebp: 4007874580
registers.edx: 2130566132
registers.ebx: 53216044
registers.esi: 19433641
registers.ecx: 812
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb 68 45 3d d1 24 89 3c 24 bf d3 a0 4c 59 81 ec
exception.symbol: random+0x1de1cb
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 1958347
exception.address: 0x128e1cb
registers.esp: 3471276
registers.edi: 19456575
registers.eax: 1549541099
registers.ebp: 4007874580
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 19433641
registers.ecx: 812
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb 57 c7 04 24 73 45 f3 3b f7 1c 24 53 bb b6 b0
exception.symbol: random+0x1e5ccd
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 1989837
exception.address: 0x1295ccd
registers.esp: 3471276
registers.edi: 0
registers.eax: 27377
registers.ebp: 4007874580
registers.edx: 19489435
registers.ebx: 1114345
registers.esi: 566744526
registers.ecx: 19456601
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: ed 64 8f 05 00 00 00 00 68 26 73 29 1e 89 0c 24
exception.symbol: random+0x1eb624
exception.instruction: in eax, dx
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 2012708
exception.address: 0x129b624
registers.esp: 3471268
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 4007874580
registers.edx: 22104
registers.ebx: 1975455901
registers.esi: 19493599
registers.ecx: 20
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb
exception.symbol: random+0x1ea7fd
exception.address: 0x129a7fd
exception.module: random.exe
exception.exception_code: 0xc000001d
exception.offset: 2009085
registers.esp: 3471268
registers.edi: 0
registers.eax: 1
registers.ebp: 4007874580
registers.edx: 22104
registers.ebx: 0
registers.esi: 19493599
registers.ecx: 20
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 f9 2b 2d 12 01
exception.symbol: random+0x1eba6a
exception.instruction: in eax, dx
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 2013802
exception.address: 0x129ba6a
registers.esp: 3471268
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 4007874580
registers.edx: 22104
registers.ebx: 2256917605
registers.esi: 19493599
registers.ecx: 10
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: cd 01 eb 00 6a 00 53 e8 03 00 00 00 20 5b c3 5b
exception.symbol: random+0x1efcc7
exception.instruction: int 1
exception.module: random.exe
exception.exception_code: 0xc0000005
exception.offset: 2030791
exception.address: 0x129fcc7
registers.esp: 3471236
registers.edi: 0
registers.eax: 3471236
registers.ebp: 4007874580
registers.edx: 19528859
registers.ebx: 19529240
registers.esi: 3086875135
registers.ecx: 1323079770
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb 81 ee 48 96 bb 7f 03 34 24 53 55 89 e5 e9 4f
exception.symbol: random+0x1f032d
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 2032429
exception.address: 0x12a032d
registers.esp: 3471272
registers.edi: 0
registers.eax: 32216
registers.ebp: 4007874580
registers.edx: 2130543789
registers.ebx: 27504327
registers.esi: 19529934
registers.ecx: 1426680675
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb 53 c7 04 24 9d a8 4f 7f e9 49 00 00 00 8b 3c
exception.symbol: random+0x1f0c8d
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 2034829
exception.address: 0x12a0c8d
registers.esp: 3471276
registers.edi: 0
registers.eax: 2283
registers.ebp: 4007874580
registers.edx: 2130543789
registers.ebx: 27504327
registers.esi: 19533378
registers.ecx: 1426680675
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb e9 97 00 00 00 05 19 84 14 0b 31 c3 58 81 c3
exception.symbol: random+0x200393
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 2098067
exception.address: 0x12b0393
registers.esp: 3471276
registers.edi: 0
registers.eax: 32012
registers.ebp: 4007874580
registers.edx: 1179202795
registers.ebx: 19596931
registers.esi: 1975391248
registers.ecx: 0
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb 52 c7 04 24 8d c8 d7 7b 55 bd 0b e6 d0 03 81
exception.symbol: random+0x206260
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 2122336
exception.address: 0x12b6260
registers.esp: 3471268
registers.edi: 0
registers.eax: 619271511
registers.ebp: 4007874580
registers.edx: 19646485
registers.ebx: 19596931
registers.esi: 4294942312
registers.ecx: 733077512
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb 81 ec 04 00 00 00 e9 61 01 00 00 68 62 f0 bd
exception.symbol: random+0x206dd5
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 2125269
exception.address: 0x12b6dd5
registers.esp: 3471268
registers.edi: 0
registers.eax: 32302
registers.ebp: 4007874580
registers.edx: 19654196
registers.ebx: 19596931
registers.esi: 4294942312
registers.ecx: 2052771870
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb 57 68 01 ac 86 26 e9 d0 fb ff ff 51 68 d7 78
exception.symbol: random+0x206efa
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 2125562
exception.address: 0x12b6efa
registers.esp: 3471268
registers.edi: 0
registers.eax: 32302
registers.ebp: 4007874580
registers.edx: 19654196
registers.ebx: 4294937948
registers.esi: 607422805
registers.ecx: 2052771870
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb 2d 99 d1 f6 5c 81 ec 04 00 00 00 89 1c 24 e9
exception.symbol: random+0x20d1ad
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 2150829
exception.address: 0x12bd1ad
registers.esp: 3471264
registers.edi: 0
registers.eax: 19648146
registers.ebp: 4007874580
registers.edx: 2130566132
registers.ebx: 594434
registers.esi: 627067051
registers.ecx: 2150210378
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb 51 b9 c6 b8 09 55 e9 ad 02 00 00 5a 56 89 1c
exception.symbol: random+0x20d547
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 2151751
exception.address: 0x12bd547
registers.esp: 3471268
registers.edi: 1783979243
registers.eax: 19651239
registers.ebp: 4007874580
registers.edx: 2130566132
registers.ebx: 0
registers.esi: 627067051
registers.ecx: 2150210378
1 0 0

__exception__

stacktrace:

        
      
      
      
exception.instruction_r: fb e9 fa 00 00 00 29 f7 5e ff 34 24 5e 81 c4 04
exception.symbol: random+0x22cd34
exception.instruction: sti
exception.module: random.exe
exception.exception_code: 0xc0000096
The binary likely contains encrypted or compressed data indicative of a packer (3 events)
section {u'size_of_data': u'0x00024200', u'virtual_address': u'0x00001000', u'entropy': 7.978174795767433, u'name': u' \\x00 ', u'virtual_size': u'0x00052000'} entropy 7.97817479577 description A section with a high entropy has been found
section {u'size_of_data': u'0x001a9200', u'virtual_address': u'0x0030b000', u'entropy': 7.953404553530808, u'name': u'kymuzjnt', u'virtual_size': u'0x001aa000'} entropy 7.95340455353 description A section with a high entropy has been found
entropy 0.993805548074 description Overall entropy of this PE file is high
Expresses interest in specific running processes (1 event)
process system
Checks for the presence of known devices from debuggers and forensic tools (3 events)
file \??\SICE
file \??\SIWVID
file \??\NTICE
Checks for the presence of known windows from debuggers and forensic tools (17 events)
Time & API Arguments Status Return Repeated

FindWindowA

class_name: OLLYDBG
window_name:
0 0

FindWindowA

class_name: GBDYLLO
window_name:
0 0

FindWindowA

class_name: pediy06
window_name:
0 0

FindWindowA

class_name: FilemonClass
window_name:
0 0

FindWindowA

class_name: FilemonClass
window_name:
0 0

FindWindowA

class_name: #0
window_name: File Monitor - Sysinternals: www.sysinternals.com
0 0

FindWindowA

class_name: PROCMON_WINDOW_CLASS
window_name:
0 0

FindWindowA

class_name: #0
window_name: Process Monitor - Sysinternals: www.sysinternals.com
0 0

FindWindowA

class_name: RegmonClass
window_name:
0 0

FindWindowA

class_name: RegmonClass
window_name:
0 0

FindWindowA

class_name: #0
window_name: Registry Monitor - Sysinternals: www.sysinternals.com
0 0

FindWindowA

class_name: 18467-41
window_name:
0 0

FindWindowA

class_name: FilemonClass
window_name:
0 0

FindWindowA

class_name: FilemonClass
window_name:
0 0

FindWindowA

class_name: #0
window_name: File Monitor - Sysinternals: www.sysinternals.com
0 0

FindWindowA

class_name: PROCMON_WINDOW_CLASS
window_name:
0 0

FindWindowA

class_name: #0
window_name: Process Monitor - Sysinternals: www.sysinternals.com
0 0
Checks the version of Bios, possibly for anti-virtualization (2 events)
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
Detects VMWare through the in instruction feature (1 event)
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
exception.instruction_r: ed 64 8f 05 00 00 00 00 68 26 73 29 1e 89 0c 24
exception.symbol: random+0x1eb624
exception.instruction: in eax, dx
exception.module: random.exe
exception.exception_code: 0xc0000096
exception.offset: 2012708
exception.address: 0x129b624
registers.esp: 3471268
registers.edi: 0
registers.eax: 1447909480
registers.ebp: 4007874580
registers.edx: 22104
registers.ebx: 1975455901
registers.esi: 19493599
registers.ecx: 20
1 0 0
File has been identified by 12 AntiVirus engines on IRMA as malicious (12 events)
G Data Antivirus (Windows) Virus: Gen:Variant.Symmi.93663 (Engine A)
Avast Core Security (Linux) Win32:Evo-gen [Trj]
F-Secure Antivirus (Linux) Trojan.TR/Crypt.XPACK.Gen [Aquarius]
Windows Defender (Windows) Trojan:Win32/LummaStealer.RPAA!MTB
Forticlient (Linux) W32/PossibleThreat
Sophos Anti-Virus (Linux) Mal/Generic-S
eScan Antivirus (Linux) Gen:Variant.Symmi.93663(DB)
ESET Security (Windows) a variant of Win32/Packed.Themida.HZB trojan
DrWeb Antivirus (Linux) Trojan.PWS.Lumma.1113
Bitdefender Antivirus (Linux) Gen:Variant.Symmi.93663
Kaspersky Standard (Windows) Trojan.Win32.Phpw.btqs
Emsisoft Commandline Scanner (Windows) Gen:Variant.Symmi.93663 (B)
File has been identified by 39 AntiVirus engines on VirusTotal as malicious (39 events)
Bkav W32.AIDetectMalware
tehtris Generic.Malware
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win32.Generic.tc
ALYac Gen:Variant.Symmi.93663
Cylance Unsafe
VIPRE Gen:Variant.Symmi.93663
CrowdStrike win/malicious_confidence_90% (D)
BitDefender Gen:Variant.Symmi.93663
Arcabit Trojan.Symmi.D16DDF
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Packed.Themida.HZB
APEX Malicious
Avast Win32:Evo-gen [Trj]
Kaspersky VHO:Trojan-Spy.Win32.Convagent.gen
MicroWorld-eScan Gen:Variant.Symmi.93663
Rising Stealer.Agent!1.106CA (CLASSIC)
Emsisoft Gen:Variant.Symmi.93663 (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen
McAfeeD Real Protect-LS!4208CB745B34
Trapmine malicious.high.ml.score
CTX exe.unknown.symmi
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.4208cb745b3416b4
Google Detected
Avira TR/Crypt.XPACK.Gen
Kingsoft malware.kb.b.989
Gridinsoft Trojan.Heur!.038120A1
Microsoft Trojan:Win32/Wacatac.B!ml
GData Gen:Variant.Symmi.93663
Varist W32/Themida.CT.gen!Eldorado
AhnLab-V3 Trojan/Win.Generic.R683293
DeepInstinct MALICIOUS
Malwarebytes Trojan.MalPack
Zoner Probably Heur.ExeHeaderL
huorong HEUR:TrojanSpy/Stealer.ay
AVG Win32:Evo-gen [Trj]
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.