Summary | ZeroBOX

svchost.exe

Tags: Generic Malware, Malicious Library, PE32, PE File
Category FILE
Machine s1_win7_x6401
Started June 1, 2021, 10:57 a.m.
Completed June 1, 2021, 10:57 a.m.
Size 8.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d850f8d4823240e54f834f85e09bd9e7
SHA256 19189d845acac54398888e27a66eb3771588bbde2080d3d3aab138053aee89e0
CRC32 D3AA4C7C
ssdeep 96:9UdIiPwjgrgq9EDVvNwOQsk/wA/vSGsSgFQm5aUqk3PI7IMvNHhqVKPyCldaurD2:9U+C1+xeOPQIjFQ1/cAfvNHhqxAgc2
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Behavioral API calls (columns: Time & API, Arguments, Status, Return, Repeated)

GetComputerNameW
  computer_name: TEST22-PC
  Status 1  Return 1  Repeated 0

WriteConsoleW
  buffer: SUCCESS: The scheduled task "Azure-Update-Task" has successfully been created.
  console_handle: 0x00000007
  Status 1  Return 1  Repeated 0
  cmdline /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\test22\AppData\Roaming\Microsoft\Network\sqlcmd.exe"

CreateProcessInternalW
  thread_identifier: 2384
  thread_handle: 0x000000ac
  process_identifier: 2208
  current_directory: (empty)
  filepath: C:\Windows\System32\schtasks.exe
  track: 1
  command_line: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\test22\AppData\Roaming\Microsoft\Network\sqlcmd.exe"
  filepath_r: C:\Windows\System32\schtasks.exe
  stack_pivoted: 0
  creation_flags: 134217728 (CREATE_NO_WINDOW)
  inherit_handles: 0
  process_handle: 0x000000b0
  Status 1  Return 1  Repeated 0
  cmdline /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\test22\AppData\Roaming\Microsoft\Network\sqlcmd.exe"
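The only behaviour the sandbox recorded is the persistence step above: the sample spawns schtasks.exe with CREATE_NO_WINDOW to register "Azure-Update-Task", a task that re-runs a binary dropped under the user's AppData\Roaming directory every minute. The following detector is an added example for this report, not part of the ZeroBOX output or of the sample; it is the kind of check a SOC would run over process-creation telemetry (Sysmon event ID 1 or Security event 4688) to flag this pattern. The sample command lines are constructed; the first reproduces the arguments recorded above, including the leading /C exactly as the sandbox captured it. The interval threshold and the list of user-writable directories are assumptions to be tuned per environment.

```python
"""Flag scheduled-task persistence in schtasks.exe command lines.

Added example for this report, not part of the ZeroBOX output: a small
detector of the kind a SOC would run over process-creation telemetry.
The sample command lines below are constructed; the first reproduces the
arguments recorded in the report, including the leading /C as captured.
"""
import re

# A quoted token (keeps spaces inside paths) or a run of non-whitespace.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

# schtasks switches that take the following token as their value.
VALUE_SWITCHES = {
    "/sc", "/mo", "/tn", "/tr", "/st", "/sd", "/ed", "/et", "/ri", "/du",
    "/d", "/m", "/i", "/rl", "/ru", "/rp", "/s", "/u", "/p", "/xml",
}

# Directories a standard user can write to. Assumption: a legitimate
# updater's task action lives under Program Files or Windows, not here.
USER_WRITABLE_RE = re.compile(
    r"\\(appdata|temp|programdata|users\\public|downloads)\\", re.IGNORECASE
)

# Repeat intervals at or below this many minutes are treated as a
# "keep me running" loop rather than a maintenance schedule (assumption).
MAX_BENIGN_MINUTE_INTERVAL = 5


def parse_schtasks(cmdline):
    """Return {switch: value} for a schtasks command line.

    Switches with a value map to the unquoted value; bare switches such
    as /create and /F map to True. Keys are lower-cased.
    """
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmdline)]
    args = {}
    i = 0
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok in VALUE_SWITCHES and i + 1 < len(tokens):
            args[tok] = tokens[i + 1]
            i += 2
        else:
            if tok.startswith("/"):
                args[tok] = True
            i += 1
    return args


def persistence_indicators(cmdline):
    """Return the reasons a schtasks /create looks like malware persistence.

    An empty list means nothing suspicious was found, or the line is not
    a task creation at all.
    """
    args = parse_schtasks(cmdline)
    reasons = []
    if "/create" not in args:
        return reasons

    schedule = str(args.get("/sc", "")).lower()
    try:
        modifier = int(args.get("/mo", 1))
    except ValueError:
        modifier = 1
    if schedule == "minute" and modifier <= MAX_BENIGN_MINUTE_INTERVAL:
        reasons.append(f"task re-runs every {modifier} minute(s)")

    action = str(args.get("/tr", ""))
    if USER_WRITABLE_RE.search(action):
        reasons.append(f"task action in user-writable path: {action}")

    return reasons


def scan(cmdlines):
    """Return [(cmdline, reasons)] for every line that raised an indicator."""
    hits = []
    for line in cmdlines:
        reasons = persistence_indicators(line)
        if reasons:
            hits.append((line, reasons))
    return hits


# Constructed sample telemetry: the report's line plus a benign creation.
SAMPLE_MALICIOUS = (
    r'/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" '
    r'/tr "C:\Users\test22\AppData\Roaming\Microsoft\Network\sqlcmd.exe"'
)
SAMPLE_BENIGN = (
    r'/create /sc daily /st 03:00 /tn "NightlyBackup" '
    r'/tr "C:\Program Files\Backup\backup.exe"'
)

if __name__ == "__main__":
    for line, reasons in scan([SAMPLE_MALICIOUS, SAMPLE_BENIGN]):
        print(line)
        for reason in reasons:
            print("  -", reason)
```

Both indicators fire on the report's command line and neither fires on the benign one. In production the tokenizer should be fed the schtasks.exe child's command line rather than the parent cmd.exe line, and the /F (force overwrite) switch is worth logging as context, since it lets a re-run of the dropper silently replace an earlier copy of the task.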
Antivirus Vendor Detection
Bkav W32.AIDetect.malware2
MicroWorld-eScan Gen:Variant.Fugrafa.136849
FireEye Gen:Variant.Fugrafa.136849
CAT-QuickHeal Trojan.Generic
ALYac Gen:Variant.Fugrafa.136849
Cylance Unsafe
Sangfor Trojan.Win32.Generic.ky
K7AntiVirus Trojan ( 0057c4751 )
BitDefender Gen:Variant.Fugrafa.136849
K7GW Trojan ( 0057c4751 )
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/ClipBanker.ND
APEX Malicious
Avast Win32:Trojan-gen
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:Win32/ClipBanker.f90fe489
ViRobot Trojan.Win32.Z.Fugrafa.8704.B
Ad-Aware Gen:Variant.Fugrafa.136849
DrWeb Trojan.MulDrop17.10469
Zillya Trojan.ClipBanker.Win32.10330
Ikarus Trojan.Win32.Clipbanker
Jiangmin Trojan.Generic.gwvzt
Avira TR/Crypt.XPACK.Gen8
MAX malware (ai score=100)
Microsoft Trojan:Win32/Bomitag.D!ml
Gridinsoft Ransom.Win32.Banker.vb
Arcabit Trojan.Fugrafa.D21691
GData Gen:Variant.Fugrafa.136849
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Generic.C4496218
VBA32 BScope.Trojan.Tasker
Malwarebytes Malware.AI.1517648553
Panda Trj/GdSda.A
TrendMicro-HouseCall TROJ_GEN.R06CH0CET21
Tencent Win32.Trojan.Generic.Wrga
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/ClipBanker.ND!tr
BitDefenderTheta Gen:NN.ZexaE.34692.aqW@aexmQl
AVG Win32:Trojan-gen
Paloalto generic.ml