Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 4, 2021, 9:30 a.m.	Aug. 4, 2021, 9:49 a.m.

Size	685.4KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f935b6c7f24be477a23044fa9a9dc9a5`
SHA256	`4827c1bdf5000cc8fc280fa631d36c752d0cdd7b0b357671ef1ebc46a11c440f`
CRC32	`0120F6F4`
ssdeep	`12288:8Bszn2zd6HX+qs+WWhRmmXikb0iTvDcicTB4vs8w:2mnAd6OqszYRmsXb0iTrcVyvs8w`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
104.21.19.200	Active	Moloch
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status
NtProtectVirtualMemory Aug. 4, 2021, 9:30 a.m.	process_identifier: 2416 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003df000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 4, 2021, 9:30 a.m.	process_identifier: 2416 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 4, 2021, 9:30 a.m.	process_identifier: 2416 region_size: 225280 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00430000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Time & API	Arguments	Status	Return	Repeated
NtTerminateProcess Aug. 4, 2021, 9:30 a.m.	status_code: 0x00000000 process_identifier: 2260 process_handle: 0x000000a8		0	0
NtTerminateProcess Aug. 4, 2021, 9:30 a.m.	status_code: 0x00000000 process_identifier: 2260 process_handle: 0x000000a8	1	0	0

host

104.21.19.200

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Androm.m!c
MicroWorld-eScan	Gen:Variant.Razy.901409
FireEye	Generic.mg.f935b6c7f24be477
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Alibaba	Backdoor:Win32/Androm.1ee73eaf
BitDefenderTheta	Gen:NN.ZexaF.34050.QuZ@aWD4!Pbi
Cyren	W32/Kryptik.EUO.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HLXS
Kaspersky	HEUR:Backdoor.Win32.Androm.gen
BitDefender	Gen:Variant.Razy.901409
APEX	Malicious
Ad-Aware	Gen:Variant.Razy.901409
Sophos	Generic ML PUA (PUA)
McAfee-GW-Edition	BehavesLike.Win32.Generic.jh
Emsisoft	Gen:Variant.Razy.901409 (B)
GData	Gen:Variant.Razy.901409
Cynet	Malicious (score: 100)
McAfee	GenericRXPN-FX!F935B6C7F24B
MAX	malware (ai score=83)
VBA32	BScope.Trojan.Vittalia
Malwarebytes	Spyware.FormBook
Avast	Win32:PWSX-gen [Trj]
SentinelOne	Static AI - Suspicious PE
Fortinet	W32/Kryptik.HLXS!tr
AVG	Win32:PWSX-gen [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)
Qihoo-360	Win32/Heur.Generic.HwoCueAA

sya.exe