Summary | ZeroBOX

svchost.exe

PE32 PE File
Category FILE
Machine s1_win7_x6402
Started May 31, 2021, 6:01 p.m.
Completed May 31, 2021, 6:06 p.m.
Size 8.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d850f8d4823240e54f834f85e09bd9e7
SHA256 19189d845acac54398888e27a66eb3771588bbde2080d3d3aab138053aee89e0
CRC32 D3AA4C7C
ssdeep 96:9UdIiPwjgrgq9EDVvNwOQsk/wA/vSGsSgFQm5aUqk3PI7IMvNHhqVKPyCldaurD2:9U+C1+xeOPQIjFQ1/cAfvNHhqxAgc2
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
172.217.25.14 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW
computer_name: TEST22-PC
Status 1 Return 1 Repeated 0
Time & API Arguments Status Return Repeated

WriteConsoleW
buffer: SUCCESS: The scheduled task "Azure-Update-Task" has successfully been created.
console_handle: 0x00000007
Status 1 Return 1 Repeated 0
cmdline /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\test22\AppData\Roaming\Microsoft\Network\sqlcmd.exe"
Time & API Arguments Status Return Repeated

CreateProcessInternalW
thread_identifier: 3588
thread_handle: 0x000000ac
process_identifier: 5628
current_directory:
filepath: C:\Windows\System32\schtasks.exe
track: 1
command_line: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\test22\AppData\Roaming\Microsoft\Network\sqlcmd.exe"
filepath_r: C:\Windows\System32\schtasks.exe
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
inherit_handles: 0
process_handle: 0x000000b0
Status 1 Return 1 Repeated 0
cmdline /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\test22\AppData\Roaming\Microsoft\Network\sqlcmd.exe"
host 172.217.25.14
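The behaviour of note in this report is persistence: the sample spawns schtasks.exe with CREATE_NO_WINDOW to register a task that runs every minute from a user-writable path (AppData\Roaming\...\sqlcmd.exe), and the captured command line carries a stray /C before /create. The following detection logic is an added example, not part of the ZeroBOX report or of the sample; it parses schtasks command lines from process-creation events and flags the two traits visible here (a minute-level trigger and an action under a user-writable directory). The event records other than the first are constructed, as is the USER_WRITABLE path list.

```python
"""Flag schtasks-based persistence in process-creation events.

Added example for the ZeroBOX report above; not the sandbox's own code.
The first event reuses the command line captured in the report; the
remaining events and the path list are constructed for illustration.
"""
import re

# Directories a standard user can write to (assumption: tune per estate).
USER_WRITABLE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)

# schtasks /create options that take a value (subset relevant here).
VALUED_OPTS = {"/sc", "/mo", "/tn", "/tr", "/ru", "/rl", "/st", "/sd"}


def tokenize(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes.
    Quotes are stripped from the returned tokens."""
    tokens, cur, in_quotes = [], [], False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_schtasks(cmdline):
    """Return {option: value} for a schtasks command line (keys lower-cased).
    Options are picked up wherever they occur, so the stray /C that precedes
    /create in the report's capture does not break parsing. Flags such as
    /F are recorded with the value True."""
    toks = tokenize(cmdline)
    opts, i = {}, 0
    while i < len(toks):
        t = toks[i].lower()
        if t in VALUED_OPTS and i + 1 < len(toks):
            opts[t] = toks[i + 1]
            i += 2
        elif t.startswith("/"):
            opts[t] = True
            i += 1
        else:
            i += 1
    return opts


def is_schtasks(image, cmdline):
    """True if the process is schtasks.exe itself or a shell launching it."""
    if image.lower().endswith("\\schtasks.exe"):
        return True
    return any(t.lower() in ("schtasks", "schtasks.exe")
               or t.lower().endswith("\\schtasks.exe") for t in tokenize(cmdline))


def assess(image, cmdline):
    """Return the reasons a task creation looks like persistence; [] if none."""
    if not is_schtasks(image, cmdline):
        return []
    o = parse_schtasks(cmdline)
    if "/create" not in o:
        return []  # /query, /delete etc. are not creations
    reasons = []
    sc = str(o.get("/sc", "")).lower()
    try:
        mo = int(o.get("/mo", 1))
    except ValueError:
        mo = 1
    if sc == "minute" and mo <= 5:
        reasons.append(f"high-frequency trigger: /sc {sc} /mo {mo}")
    tr = str(o.get("/tr", ""))
    if USER_WRITABLE.search(tr):
        reasons.append(f"task action in user-writable path: {tr}")
    if o.get("/f") is True:
        reasons.append("weak signal: /F silently overwrites an existing task")
    return reasons


EVENTS = [  # first entry from the report; the rest are constructed
    {"image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" '
                r'/tr "C:\Users\test22\AppData\Roaming\Microsoft\Network\sqlcmd.exe"'},
    {"image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'/create /sc daily /st 03:00 /tn "Backup" /tr "C:\Program Files\Backup\backup.exe"'},
    {"image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'/c schtasks /create /sc minute /mo 2 /tn Updater /tr C:\Users\Public\up.exe'},
    {"image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'/query /tn "Azure-Update-Task"'},
]


def scan(events):
    """Return [(image, reasons)] for every event that was flagged."""
    hits = []
    for e in events:
        reasons = assess(e["image"], e["cmdline"])
        if reasons:
            hits.append((e["image"], reasons))
    return hits


if __name__ == "__main__":
    for image, reasons in scan(EVENTS):
        print(image)
        for r in reasons:
            print("  -", r)
```

On a host where this task is suspected, `schtasks /query /tn "Azure-Update-Task" /v /fo LIST` (or `Get-ScheduledTask -TaskName "Azure-Update-Task" | Select -ExpandProperty Actions` in PowerShell) shows the registered action so it can be matched against the path above before the task is deleted and the binary collected.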
Antivirus Result
Bkav W32.AIDetect.malware2
MicroWorld-eScan Gen:Variant.Fugrafa.136849
ALYac Gen:Variant.Fugrafa.136849
Cylance Unsafe
Arcabit Trojan.Fugrafa.D21691
ESET-NOD32 a variant of Win32/ClipBanker.ND
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Fugrafa.136849
Paloalto generic.ml
Ad-Aware Gen:Variant.Fugrafa.136849
Emsisoft Gen:Variant.Fugrafa.136849 (B)
DrWeb Trojan.MulDrop17.10469
FireEye Gen:Variant.Fugrafa.136849
Sophos ML/PE-A
Jiangmin Trojan.Generic.gwvzt
Avira TR/Crypt.XPACK.Gen8
Gridinsoft Ransom.Win32.Banker.oa!s1
Microsoft Trojan:Win32/Wacatac.B!ml
GData Gen:Variant.Fugrafa.136849
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Generic.C4496218
McAfee GenericRXAA-AA!D850F8D48232
MAX malware (ai score=88)
VBA32 BScope.Trojan.Tasker
Malwarebytes Malware.AI.1517648553
Rising Trojan.ClipBanker!8.5FB (RDMK:cmRtazquU98NkGrszzV1N4myIYXD)
BitDefenderTheta Gen:NN.ZexaE.34692.aqW@aexmQl
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
MaxSecure Trojan.Malware.300983.susgen