Summary | ZeroBOX

vbc.exe

Tags: Malicious Packer, PE32, PE File
Category: FILE
Machine: s1_win7_x6402
Started: June 25, 2021, 9:16 a.m.
Completed: June 25, 2021, 9:19 a.m.
Size 1017.9KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3cc22a1ec55d679078a0420d0aa35f69
SHA256 fa2a3d2d878502749a5c8b01a6244a8b9e2b7f0cb3b9d0d85cadc2a8dcb5a8dc
CRC32 F9BE8399
ssdeep 12288:dQtglygKLHn/DYCb3h6ljg42TgIuxObzc9VZ4dpMLZ5GL88Eew8x5:dQtKygoHv7h2E42TgH4dpozGLaewG5
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Address / Status / Action
172.217.25.14 / Active / Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

GlobalMemoryStatusEx

Status: 1  Return: 1  Repeated: 0
__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 1636076
registers.edi: 5719640
registers.eax: 1636076
registers.ebp: 1636156
registers.edx: 0
registers.ebx: 5719640
registers.esi: 5719640
registers.ecx: 2
Status: 1  Return: 0  Repeated: 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 1636696
registers.edi: 1636884
registers.eax: 1636696
registers.ebp: 1636776
registers.edx: 0
registers.ebx: 5719640
registers.esi: 1636884
registers.ecx: 2
Status: 1  Return: 0  Repeated: 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 1636772
registers.edi: 1636960
registers.eax: 1636772
registers.ebp: 1636852
registers.edx: 0
registers.ebx: 5719640
registers.esi: 1636960
registers.ecx: 2
Status: 1  Return: 0  Repeated: 0

__exception__

stacktrace:
EbGetHandleOfExecutingProject+0x22b3 rtcPackDate-0xba9 msvbvm60+0xd0dcf @ 0x72a10dcf
rtcDoEvents+0x131 __vbaError-0x626 msvbvm60+0xce228 @ 0x72a0e228

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008f
exception.offset: 46887
exception.address: 0x76a7b727
registers.esp: 1634820
registers.edi: 5719640
registers.eax: 1634820
registers.ebp: 1634900
registers.edx: 0
registers.ebx: 5719640
registers.esi: 5719640
registers.ecx: 2
Status: 1  Return: 0  Repeated: 0

NtProtectVirtualMemory

process_identifier: 3324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73772000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtProtectVirtualMemory

process_identifier: 3324
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x004d0000
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0
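The exception and NtProtectVirtualMemory records above are flat key/value text. The helper below is an added example (not ZeroBOX or Cuckoo code) that parses records in that shape and flags the two things a practitioner looks for in them: the same exception code raised repeatedly at the same return address (here four identical 0xc000008f raises reached from msvbvm60, i.e. a handled runtime-error path rather than a crash, since the process kept running), and protection changes that make memory executable, in particular the PAGE_EXECUTE_READWRITE page at 0x73772000 and the PAGE_EXECUTE_READ region at 0x004d0000 that the sandbox tagged heap_dep_bypass=1. The SAMPLE text is the essential fields of the report's records copied out (two of the four exceptions, both NtProtectVirtualMemory calls); the function names parse_records and triage are my own.

```python
"""Triage helper for flat Cuckoo/ZeroBOX-style behaviour records.

Added example, not part of the ZeroBOX report or the sandbox's own code.
"""
import re
from collections import Counter

# Memory protection constants from winnt.h
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTABLE = {PAGE_EXECUTE, PAGE_EXECUTE_READ,
              PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

# Constructed input: the key fields of the report's records, copied as-is.
SAMPLE = """
__exception__
exception.exception_code: 0xc000008f
exception.address: 0x76a7b727
exception.module: KERNELBASE.dll

__exception__
exception.exception_code: 0xc000008f
exception.address: 0x76a7b727
exception.module: KERNELBASE.dll

NtProtectVirtualMemory
process_identifier: 3324
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73772000

NtProtectVirtualMemory
process_identifier: 3324
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x004d0000
"""


def parse_records(text):
    """Split blank-line-separated chunks into dicts.

    The first non-empty line of a chunk is the record kind (an API name or
    '__exception__'); every following 'key: value' line becomes a field.
    """
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if not lines:
            continue
        rec = {"kind": lines[0]}
        for line in lines[1:]:
            key, _, value = line.partition(":")
            rec[key.strip()] = value.strip()
        records.append(rec)
    return records


def protection_value(field):
    """'64 (PAGE_EXECUTE_READWRITE)' -> 64 (the numeric protection flag)."""
    return int(field.split()[0])


def triage(records):
    """Return human-readable findings for repeated exceptions and executable
    memory protection changes."""
    findings = []

    # Identical (code, address) pairs raised more than once are a handled
    # error path being hit in a loop, not a one-off crash.
    raised = Counter(
        (r.get("exception.exception_code"), r.get("exception.address"))
        for r in records if r["kind"] == "__exception__")
    for (code, addr), n in raised.items():
        if n >= 2:
            findings.append(
                f"exception {code} at {addr} raised {n} times: "
                "handled runtime-error loop, not a crash")

    # Any NtProtectVirtualMemory that grants execute rights is worth a look;
    # RWX and heap-backed regions are the strongest injection indicators.
    for r in records:
        if r["kind"] != "NtProtectVirtualMemory":
            continue
        prot = protection_value(r["protection"])
        if prot not in EXECUTABLE:
            continue
        base = int(r["base_address"], 16)
        end = base + int(r["length"])
        tag = "RWX" if prot == PAGE_EXECUTE_READWRITE else "RX"
        note = " (heap_dep_bypass)" if r.get("heap_dep_bypass") == "1" else ""
        findings.append(f"{tag} protection on 0x{base:08x}-0x{end:08x}{note}")
    return findings


if __name__ == "__main__":
    for line in triage(parse_records(SAMPLE)):
        print(line)
```

The helper deliberately treats every executable protection as reportable rather than only RWX: the second call here is RX, but it covers 24 KiB of a region the sandbox attributes to the heap, which is the classic unpack-then-execute sequence a crypter performs before running its payload.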
Hosts
172.217.25.14

Antivirus detections (Vendor / Result)
Bkav W32.AIDetect.malware2
MicroWorld-eScan Gen:Variant.Graftor.961874
FireEye Generic.mg.3cc22a1ec55d6790
CAT-QuickHeal Trojanpws.Msil
McAfee RDN/Generic.grp
Cylance Unsafe
Zillya Trojan.Noon.Win32.17048
Sangfor Riskware.Win32.Agent.ky
K7AntiVirus Trojan ( 0057cd191 )
Alibaba TrojanPSW:MSIL/Agensla.dbf34a9b
K7GW Trojan ( 0057cd191 )
Cybereason malicious.b70c18
Arcabit Trojan.Graftor.DEAD52
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Injector.EPJE
APEX Malicious
Avast Win32:Malware-gen
Kaspersky Trojan-PSW.MSIL.Agensla.uut
BitDefender Gen:Variant.Graftor.961874
Paloalto generic.ml
Tencent Win32.Trojan.Graftor.Lnyg
Ad-Aware Gen:Variant.Graftor.961874
Emsisoft Gen:Variant.Graftor.961874 (B)
DrWeb Trojan.Inject4.12720
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0PFK21
McAfee-GW-Edition RDN/Generic.grp
SentinelOne Static AI - Malicious PE
Avira TR/Injector.cslhq
MAX malware (ai score=100)
Gridinsoft Trojan.Win32.Downloader.dd!n
Microsoft Trojan:MSIL/Cryptor
GData Gen:Variant.Graftor.961874
Cynet Malicious (score: 100)
VBA32 Malware-Cryptor.VB.gen.1
Malwarebytes Malware.AI.4278933080
TrendMicro-HouseCall TROJ_GEN.R002C0PFK21
Yandex Trojan.Injector!zMYDuAeoqyQ
Ikarus Trojan.Win32.Injector
MaxSecure Trojan.Malware.119052684.susgen
Fortinet W32/EPJE!tr
BitDefenderTheta Gen:NN.ZevbaF.34758.@m3@aGjf3!Mi
AVG Win32:Malware-gen
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_60% (W)