Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 25, 2021, 3:16 p.m.	June 25, 2021, 3:23 p.m.

Size	7.4MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`7779f0c76c2d0ec2b4f6327e7ffa04ad`
SHA256	`0d8350366ae41b08cbdc3bef85082c7de988bad53dc98f74863e8b3a362f1ece`
CRC32	`DB5853FB`
ssdeep	`196608:pd0aFUCsXDjDyfmdJolpPgToa10/9nFOnJ+kJdmEd6N:bLFUCEDLJ83a10tsErE8`
Yara	IsPE64 - (no description) OS_Processor_Check_Zero - OS Processor Check PE_Header_Zero - PE File Signature

QmXUa5QT7cyz8Z6BRzomC22a6o2kzwDBF4RPWmKaZpDBCJ.exe "C:\Users\test22\AppData\Local\Temp\QmXUa5QT7cyz8Z6BRzomC22a6o2kzwDBF4RPWmKaZpDBCJ.exe"
7680
- QmXUa5QT7cyz8Z6BRzomC22a6o2kzwDBF4RPWmKaZpDBCJ.exe "C:\Users\test22\AppData\Local\Temp\QmXUa5QT7cyz8Z6BRzomC22a6o2kzwDBF4RPWmKaZpDBCJ.exe"
  8232

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (11 events)

Time & API	Arguments	Status	Return
WriteConsoleW June 25, 2021, 3:09 p.m.	buffer: Traceback (most recent call last): console_handle: 0x000000000000000b	1	1
WriteConsoleW June 25, 2021, 3:09 p.m.	buffer: File "Lib\site-packages\PyInstaller\hooks\rthooks\pyi_rth_multiprocessing.py", line 17, in <module> console_handle: 0x000000000000000b	1	1
WriteConsoleW June 25, 2021, 3:09 p.m.	buffer: File "PyInstaller\loader\pyimod03_importers.py", line 540, in exec_module console_handle: 0x000000000000000b	1	1
WriteConsoleW June 25, 2021, 3:09 p.m.	buffer: File "multiprocessing\__init__.py", line 16, in <module> console_handle: 0x000000000000000b	1	1
WriteConsoleW June 25, 2021, 3:09 p.m.	buffer: File "PyInstaller\loader\pyimod03_importers.py", line 540, in exec_module console_handle: 0x000000000000000b	1	1
WriteConsoleW June 25, 2021, 3:09 p.m.	buffer: File "multiprocessing\context.py", line 6, in <module> console_handle: 0x000000000000000b	1	1
WriteConsoleW June 25, 2021, 3:09 p.m.	buffer: File "PyInstaller\loader\pyimod03_importers.py", line 540, in exec_module console_handle: 0x000000000000000b	1	1
WriteConsoleW June 25, 2021, 3:09 p.m.	buffer: File "multiprocessing\reduction.py", line 16, in <module> console_handle: 0x000000000000000b	1	1
WriteConsoleW June 25, 2021, 3:09 p.m.	buffer: File "PyInstaller\loader\pyimod03_importers.py", line 540, in exec_module console_handle: 0x000000000000000b	1	1
WriteConsoleW June 25, 2021, 3:09 p.m.	buffer: File "socket.py", line 49, in <module> console_handle: 0x000000000000000b	1	1
WriteConsoleW June 25, 2021, 3:09 p.m.	buffer: ImportError: DLL load failed while importing _socket: 매개 변수가 틀립니다. console_handle: 0x000000000000000b	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 25, 2021, 3:09 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

Creates executable files on the filesystem (6 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI76802\libffi-7.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI76802\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI76802\python38.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI76802\libcrypto-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI76802\pywintypes38.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI76802\libssl-1_1.dll

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

File has been identified by 38 AntiVirus engines on VirusTotal as malicious (38 events)

MicroWorld-eScan	Gen:Variant.Mikey.124915
FireEye	Gen:Variant.Mikey.124915
ALYac	Gen:Variant.Mikey.124915
Zillya	Trojan.Agent.Script.1081328
K7AntiVirus	Trojan ( 00537a571 )
Alibaba	TrojanSpy:Win64/KeyLogger.433271d3
K7GW	Trojan ( 00537a571 )
Cyren	W64/KeyLogger.AQ.gen!Eldorado
Symantec	Trojan.Gen.MBT
ESET-NOD32	Python/Spy.KeyLogger.AG
TrendMicro-HouseCall	TROJ_GEN.R002C0PFN21
Avast	FileRepMalware
Kaspersky	UDS:Trojan.Win32.Agent
BitDefender	Gen:Variant.Mikey.124915
Paloalto	generic.ml
Ad-Aware	Gen:Variant.Mikey.124915
Emsisoft	Gen:Variant.Mikey.124915 (B)
Comodo	TrojWare.Win32.Agent.luums@0
TrendMicro	TROJ_GEN.R002C0PFN21
McAfee-GW-Edition	BehavesLike.Win64.Dropper.wc
Sophos	Mal/Generic-S
Jiangmin	Trojan.PSW.Python.cj
Webroot	W32.Malware.Gen
Avira	TR/Spy.KeyLogger.jnxyg
MAX	malware (ai score=80)
Antiy-AVL	Trojan/Generic.ASMalwS.329AD80
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win64.Agent.oa!s1
Microsoft	Trojan:Win32/Wacatac.B!ml
AegisLab	Trojan.Python.KeyLogger.l!c
GData	Gen:Variant.Mikey.124915
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.PWS.C4455518
McAfee	Artemis!7779F0C76C2D
Malwarebytes	Trojan.KeyLogger.Python
Tencent	Win32.Trojan-spy.Keylogger.Ahyn
Fortinet	W32/Python.KEYLOGGER!tr
AVG	FileRepMalware

QmXUa5QT7cyz8Z6BRzomC22a6o2kzwDBF4RPWmKaZpDBCJ

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All