Summary | ZeroBOX

Target: bakamla0001.png (submitted with an image extension; the Type line below identifies it as a PE32 executable, not a PNG)

Category FILE
Machine s1_win7_x6402
Started April 9, 2021, 4:57 p.m.
Completed April 9, 2021, 5:05 p.m.
Size 159.5KB
Type PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
MD5 9e734e717cf11f1917493be4cfc0e0b2
SHA256 cc938b99d339e06fd412b0afa2b031d6586e76c92e185f2018d3e16e71876d7f
CRC32 66910554
ssdeep 3072:jDSCcWRMyEWr4SaXM+Ckpj3WxHW3BXegZ73H5LC:HPho93Wx23Jk
Yara
  • win_files_operation - Affect private profile
  • PE_Header_Zero - PE File Signature Zero
  • IsPE32 - (no description)
  • IsConsole - (no description)
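The Size/Type/MD5/SHA256/CRC32 lines above are what a practitioner compares against a local copy before trusting the rest of the report. The following script is an added example, not part of the ZeroBOX page: it recomputes the three hashes in the report's presentation (CRC32 as eight upper-case hex digits) and derives the libmagic-style Type string from the PE headers (PE32 magic 0x10b, Subsystem 3 = console, Machine 0x14c = Intel 80386, IMAGE_FILE_DEBUG_STRIPPED = "stripped to external PDB"). Because the sample itself is not reproduced here, the script builds a constructed minimal PE32 image for its self-test; run it with a path as the argument to check a real file against the reported hashes.

```python
"""Recompute a sandbox summary's hash and Type lines from raw bytes (added example)."""
import binascii
import hashlib
import struct
import sys

# Constants from the PE/COFF specification.
IMAGE_FILE_MACHINE_I386 = 0x14C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_DEBUG_STRIPPED = 0x0200
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
SUBSYSTEMS = {1: "native", 2: "GUI", 3: "console", 9: "Windows CE", 10: "EFI application"}
MACHINES = {IMAGE_FILE_MACHINE_I386: "Intel 80386", IMAGE_FILE_MACHINE_AMD64: "x86-64"}


def file_hashes(data: bytes) -> dict:
    """MD5 / SHA256 / CRC32 in the report's presentation (CRC32 as 8 upper-case hex digits)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "crc32": "%08X" % (binascii.crc32(data) & 0xFFFFFFFF),
    }


def describe_pe(data: bytes) -> str:
    """Return a libmagic-style description such as
    'PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows'.
    Raises ValueError if the bytes are not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    # 20-byte COFF file header immediately follows the 4-byte signature.
    machine, _nsect, _ts, _symtab, _nsyms, _optsize, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # same offset in PE32 and PE32+
    fmt = {PE32_MAGIC: "PE32", PE32PLUS_MAGIC: "PE32+"}.get(magic, "PE (magic 0x%x)" % magic)
    kind = "DLL" if chars & IMAGE_FILE_DLL else "executable"
    desc = "%s %s (%s) %s" % (fmt, kind,
                               SUBSYSTEMS.get(subsystem, "subsystem %d" % subsystem),
                               MACHINES.get(machine, "machine 0x%x" % machine))
    if chars & IMAGE_FILE_DEBUG_STRIPPED:
        desc += " (stripped to external PDB)"
    return desc + ", for MS Windows"


def build_minimal_pe32(subsystem: int = 3, characteristics: int = 0x0302) -> bytes:
    """Constructed test image (NOT the sample from the report): MZ stub, PE signature,
    COFF header for i386, and a PE32 optional header with the given subsystem.
    0x0302 = EXECUTABLE_IMAGE | 32BIT_MACHINE | DEBUG_STRIPPED."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the stub
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def matches_report(data: bytes, report: dict) -> bool:
    """True only if every hash listed in `report` equals the one computed from `data`."""
    got = file_hashes(data)
    return all(got[k].lower() == v.lower() for k, v in report.items())


# Hash values copied from the summary above; compare a local file against them.
REPORTED = {
    "md5": "9e734e717cf11f1917493be4cfc0e0b2",
    "sha256": "cc938b99d339e06fd412b0afa2b031d6586e76c92e185f2018d3e16e71876d7f",
    "crc32": "66910554",
}

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe32()
    print(file_hashes(blob))
    print(describe_pe(blob))
    print("matches report:", matches_report(blob, REPORTED))
```

The constructed image reproduces the report's exact Type string, which shows that "stripped to external PDB" is nothing more than one Characteristics bit and carries no information about whether a real PDB ever existed.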

Name | Response | Post-Analysis Lookup
No hosts contacted.
IP Address | Status | Action
172.217.25.14 | Active | Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

host 172.217.25.14
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
ClamAV Win.Exploit.CVE_2021_1647-9818940-0
ALYac Gen:Heur.Emotet.5
Malwarebytes Malware.AI.4214336810
VIPRE Exploit.Win32.CVE-2021-1647.b (v)
AegisLab Hacktool.Win32.CVE-2021-1647.3!c
K7AntiVirus Exploit ( 005761231 )
BitDefender Gen:Heur.Emotet.5
K7GW Exploit ( 005761231 )
Cybereason malicious.17cf11
Cyren W32/Dropper.6!Generic
ESET-NOD32 a variant of Win32/Exploit.CVE-2021-1647.A
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 90)
Kaspersky HEUR:Exploit.Win32.CVE-2021-1647.a
Alibaba Exploit:Win32/CVE-2021-1647.bf72d53b
NANO-Antivirus Exploit.Win32.CVE20211647.ikvpes
MicroWorld-eScan Gen:Heur.Emotet.5
Rising Exploit.CVE-2021-1647!8.12346 (CLOUD)
Ad-Aware Gen:Heur.Emotet.5
Comodo Malware@#2vx1v4ao2mflm
DrWeb MULDROP.Trojan
Zillya Exploit.CVE20211647.Win32.8
McAfee-GW-Edition GenericRXNN-SM!9E734E717CF1
FireEye Generic.mg.9e734e717cf11f19
Sophos Exp/20211647-A
SentinelOne Static AI - Suspicious PE
Jiangmin Exploit.CVE-2021-1647.d
Avira TR/Redcap.lqnli
MAX malware (ai score=83)
Gridinsoft Trojan.Win32.Downloader.oa
Arcabit Trojan.Emotet.5
GData Gen:Heur.Emotet.5
AhnLab-V3 Trojan/Win32.Exploit.CVE-2021-1647.C4301230
Acronis suspicious
McAfee GenericRXNN-SM!9E734E717CF1
VBA32 Exploit.CVE-2021-1647
Cylance Unsafe
Panda Trj/GdSda.A
TrendMicro-HouseCall Trojan.Win32.CVE20211647.A
Tencent Win32.Exploit.Cve-2021-1647.Hwml
Ikarus Exploit.CVE-2021-1647
Fortinet W32/CVE_2021_1647.A!tr
AVG Win32:Malware-gen
Avast Win32:Malware-gen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Exploit.Generic.HgIASOUA
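The vendor labels above spell the same CVE four different ways (CVE-2021-1647, CVE_2021_1647, CVE20211647, Cve-2021-1647) and several vendors return the byte-identical string Gen:Heur.Emotet.5, which usually means a shared engine rather than independent confirmation. The script below is an added example, not part of the ZeroBOX page: it normalises a subset of the detection lines copied from the table above into CVE IDs and family keywords, counts votes per CVE, and groups vendors whose labels are identical so they can be weighed as one signal. Sophos's "Exp/20211647-A" is deliberately left uncounted because it carries no "CVE" prefix; the regex and the family keyword list are this example's own choices, and the full table can be pasted into SAMPLE to get the page-wide counts.

```python
"""Normalise heterogeneous AV detection names into CVE IDs and family labels (added example)."""
import re
from collections import Counter, defaultdict

# Matches CVE-2021-1647, CVE_2021_1647, CVE20211647 and Cve-2021-1647 alike.
CVE_RE = re.compile(r"cve[-_]?(\d{4})[-_]?(\d{4,7})", re.IGNORECASE)
# Family keywords seen in the table; extend as needed (example's own list).
FAMILY_RE = re.compile(r"emotet|redcap|dropper|downloader|muldrop", re.IGNORECASE)

# Subset of detection lines copied from the summary above: "<vendor> <label>".
SAMPLE = """\
ClamAV Win.Exploit.CVE_2021_1647-9818940-0
ALYac Gen:Heur.Emotet.5
VIPRE Exploit.Win32.CVE-2021-1647.b (v)
BitDefender Gen:Heur.Emotet.5
ESET-NOD32 a variant of Win32/Exploit.CVE-2021-1647.A
Kaspersky HEUR:Exploit.Win32.CVE-2021-1647.a
NANO-Antivirus Exploit.Win32.CVE20211647.ikvpes
MicroWorld-eScan Gen:Heur.Emotet.5
Sophos Exp/20211647-A
Tencent Win32.Exploit.Cve-2021-1647.Hwml
Fortinet W32/CVE_2021_1647.A!tr
Avast Win32:Malware-gen
"""


def parse(text: str) -> list:
    """Split 'vendor label...' lines; the vendor is the first whitespace-delimited token."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        vendor, _, label = line.partition(" ")
        rows.append((vendor, label))
    return rows


def cves_in(label: str) -> set:
    """Canonical CVE IDs (CVE-YYYY-NNNN) found in one detection label."""
    return {"CVE-%s-%s" % m.groups() for m in CVE_RE.finditer(label)}


def summarise(rows: list) -> dict:
    """Votes per CVE, family keyword counts, and vendors sharing byte-identical labels."""
    cve_votes = Counter()
    cve_vendors = defaultdict(list)
    families = Counter()
    by_label = defaultdict(list)
    for vendor, label in rows:
        for cve in cves_in(label):
            cve_votes[cve] += 1
            cve_vendors[cve].append(vendor)
        for fam in FAMILY_RE.findall(label):
            families[fam.lower()] += 1
        by_label[label].append(vendor)
    shared = {lbl: v for lbl, v in by_label.items() if len(v) > 1}
    return {
        "cves": dict(cve_votes),
        "cve_vendors": dict(cve_vendors),
        "families": dict(families),
        "shared_labels": shared,
    }


if __name__ == "__main__":
    result = summarise(parse(SAMPLE))
    for key, value in result.items():
        print("%s: %s" % (key, value))
```

On the subset the output is 7 votes for CVE-2021-1647 and 3 for "emotet", with the three emotet votes all coming from the identical label Gen:Heur.Emotet.5; treating that as one shared-engine signal rather than three independent ones is the point of the shared_labels grouping.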