Summary | ZeroBOX

M0011.cab

KeyLogger Escalate priviledges AntiDebug AntiVM
Category: FILE
Machine: s1_win7_x6402
Started: June 11, 2021, 4:34 p.m.
Completed: June 11, 2021, 4:37 p.m.
Size 1.2MB
Type Microsoft Cabinet archive data, 1296707 bytes, 3 files
MD5 bfd9adc75c1b260cbc0aea6e544f080d
SHA256 4d111c8251daa20b361719595cea4b45ab8d3d87d72107df904dfb8844c037c3
CRC32 BD350D35
ssdeep 24576:snyhYkkpRKO2kB9+evVBNAMt6+WMdMCnK8opXUdocGf18EysF9uR0mGU:snWfqZ2kBfLNAMt6ZCnDdoBiEymgj
Yara None matched

Name | Response | Post-Analysis Lookup
No hosts contacted.

IP Address | Status | Action
172.217.25.14 | Active | Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated

IsDebuggerPresent
(no arguments)
Status / Return / Repeated: 0 0

GlobalMemoryStatusEx
(no arguments)
Status / Return / Repeated: 1 1 0

NtProtectVirtualMemory
process_identifier: 3172
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73772000
process_handle: 0xffffffff
Status / Return / Repeated: 1 0 0

LookupPrivilegeValueW
system_name:
privilege_name: SeRestorePrivilege
Status / Return / Repeated: 1 1 0
Signatures (rule: description)

Escalate_priviledges: Escalate priviledges
KeyLogger: Run a KeyLogger
DebuggerCheck__GlobalFlags: (no description)
DebuggerCheck__QueryInfo: (no description)
DebuggerHiding__Thread: (no description)
DebuggerHiding__Active: (no description)
ThreadControl__Context: (no description)
SEH__vectored: (no description)
anti_dbg: Checks if being debugged
disable_dep: Bypass DEP
host 172.217.25.14