Summary | ZeroBOX

clip.exe

Tags: Malicious Library, OS Processor Check, PE32, PE File, DLL

Category FILE
Machine s1_win7_x6402
Started May 31, 2021, 9:15 a.m.
Completed May 31, 2021, 9:20 a.m.
Size 1.8MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 24b6fa846f9d1e068e55654ab7ab451b
SHA256 b53d74f5a5684895708e309f504eabd54e5ba55ae2158b3b285e286767f615ba
CRC32 05CCF701
ssdeep 49152:0OjPcwn1eVwp1msrtLMWt1oS3u+ChdnB/ude:Z91eVwpPlT3u+0nBB
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API GetComputerNameW
Arguments
  computer_name: TEST22-PC
Status 1 Return 1 Repeated 0

API WriteConsoleW
Arguments
  buffer: SUCCESS: The scheduled task "Azure-Update-Task" has successfully been created.
  console_handle: 0x00000007
Status 1 Return 1 Repeated 0

API GlobalMemoryStatusEx
Arguments (none recorded)
Status 1 Return 1 Repeated 0
section .ndata
API NtProtectVirtualMemory
Arguments
  process_identifier: 8024
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x73772000
  process_handle: 0xffffffff
Status 1 Return 0 Repeated 0
file C:\Users\test22\AppData\Roaming\BorisEyrichSoft\Artweaver\documentation.pdf
file C:\Users\test22\AppData\Roaming\BorisEyrichSoft\Artweaver\vnz_217.exe
file C:\Users\test22\AppData\Roaming\BorisEyrichSoft\Artweaver\PcUtility.exe
file C:\Users\test22\AppData\Roaming\BorisEyrichSoft\Artweaver\libinfer3.dll
cmdline /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\test22\AppData\Roaming\Microsoft\Network\sqlcmd.exe"
API CreateProcessInternalW
Arguments
  thread_identifier: 3812
  thread_handle: 0x00000110
  process_identifier: 4120
  current_directory:
  filepath: C:\Windows\System32\schtasks.exe
  track: 1
  command_line: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\test22\AppData\Roaming\Microsoft\Network\sqlcmd.exe"
  filepath_r: C:\Windows\System32\schtasks.exe
  stack_pivoted: 0
  creation_flags: 134217728 (CREATE_NO_WINDOW)
  inherit_handles: 0
  process_handle: 0x00000114
Status 1 Return 1 Repeated 0
host 172.217.25.14

Antivirus Detection
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.36917763
FireEye Generic.mg.24b6fa846f9d1e06
CAT-QuickHeal Trojan.Multi
ALYac Trojan.GenericKD.36917763
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Agentb.4!c
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0057ac811 )
BitDefender Trojan.GenericKD.36917763
K7GW Trojan ( 0057ac811 )
Cybereason malicious.46f9d1
BitDefenderTheta Gen:NN.ZexaF.34692.yqW@am7KLfci
Cyren W32/Trojan.JJKQ-0864
Symantec Backdoor.Cobalt!gen3
ESET-NOD32 multiple detections
APEX Malicious
Avast Win32:Malware-gen
ClamAV Win.Trojan.CobaltStrike-7899872-1
Kaspersky Trojan.Win32.Agentb.kkwt
Alibaba Trojan:Win32/Agentb.30c7a433
NANO-Antivirus Trojan.Win32.Agent.iukjys
ViRobot Trojan.Win32.Z.Rozena.1903868
Tencent Win32.Trojan.Agentb.Hrpe
Ad-Aware Trojan.GenericKD.36917763
Sophos Mal/Generic-R
Comodo Malware@#1ol9n0oxxtp3w
DrWeb Trojan.Loader.781
Zillya Trojan.Generic.Win32.1393813
TrendMicro TROJ_GEN.R011C0PE421
McAfee-GW-Edition BehavesLike.Win32.Generic.tc
Emsisoft Trojan.Rozena (A)
Webroot W32.Trojan.GenKD
Avira HEUR/AGEN.1142934
Antiy-AVL Trojan/Generic.ASMalwS.30CAC8E
Kingsoft Win32.Troj.Generic.a.(kcloud)
Gridinsoft Trojan.Win32.Agent.oa
Microsoft Trojan:Win32/Cobaltstrike.MK!MTB
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Trojan.GenericKD.36917763
Cynet Malicious (score: 100)
McAfee Artemis!24B6FA846F9D
MAX malware (ai score=100)
VBA32 Trojan.Loader
Malwarebytes Malware.AI.2968395177
Panda Trj/CI.A
TrendMicro-HouseCall TROJ_GEN.R011C0PE421
Rising Dropper.Stioldaat!8.128A9 (CLOUD)