Summary | ZeroBOX

336601.7z

KeyLogger Escalate priviledges AntiDebug AntiVM
Category FILE
Machine s1_win7_x6402
Started May 28, 2021, 8:04 a.m.
Completed May 28, 2021, 8:07 a.m.
Size 504.6KB
Type 7-zip archive data, version 0.4
MD5 f958bdca722740cdb24e86b349be4f96
SHA256 58346054b994c6aca1ceb45005999f353eabd1650d1e8d498c13b566a8dfabcc
CRC32 B6AC8E1D
ssdeep 12288:XClgaP/uZ01nYSHJrDBb94u+8q7peIBOzTqFXvdGCiQp0:XeuZ01nYSh74+meIBOzTqdFGOe
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
GlobalMemoryStatusEx

1 1 0
NtProtectVirtualMemory

process_identifier: 4864
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73772000
process_handle: 0xffffffff
1 0 0
LookupPrivilegeValueW

system_name:
privilege_name: SeRestorePrivilege
1 1 0
description Escalate priviledges rule Escalate_priviledges
description Run a KeyLogger rule KeyLogger
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
host 172.217.25.14
Malwarebytes Trojan.MalPack.PNG.Generic
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0057d1921 )
K7GW Trojan ( 0057d1921 )
Cyren W32/Trojan.GHD.gen!Eldorado
ESET-NOD32 a variant of MSIL/Kryptik.ABCZ
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan-Spy.MSIL.Noon.gen
BitDefender Trojan.GenericKD.46364796
MicroWorld-eScan Trojan.GenericKD.46364796
Sophos Mal/Generic-S
F-Secure Trojan.TR/AD.Swotter.bojrs
DrWeb Trojan.PackedNET.763
McAfee-GW-Edition Artemis!32C08EE99AF3
FireEye Trojan.GenericKD.46364796
Emsisoft Trojan.GenericKD.46364796 (B)
Ikarus Trojan.MSIL.Inject
GData Win32.Trojan-Stealer.FormBook.2URRT3
Avira TR/AD.Swotter.bojrs
Arcabit Trojan.Generic.D2C3787C
AegisLab Trojan.Multi.Generic.4!c
ZoneAlarm HEUR:Trojan-Spy.MSIL.Noon.gen
Microsoft Trojan:Script/Wacatac.B!ml
AhnLab-V3 Trojan/Win.Kryptik.R422796
MAX malware (ai score=81)
Rising Trojan.Kryptik!8.8 (CLOUD)
SentinelOne Static AI - Malicious Archive
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Kryptik.ABCM!tr
BitDefenderTheta Gen:NN.ZemsilF.34692.4m0@aWi0rLb