Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 18, 2021, 9:39 a.m.	Aug. 18, 2021, 9:41 a.m.

Size	1.1MB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`dba25831a9434a39e84717c9f8f6ba57`
SHA256	`dffd43766e043c068486b3cf9c5abd2a63bf664a41b63befc65b5acd2b59711e`
CRC32	`8ECA01FF`
ssdeep	`24576:wDwDf2/NPJIDdInnCztQEKZm+jWodEESMcR8n:t72Fhe1zR8n`
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet

PROG8300_projectExecutable.exe "C:\Users\test22\AppData\Local\Temp\PROG8300_projectExecutable.exe"
2300

Name	Response	Post-Analysis Lookup
www.securityresearch.ca	A 64.235.108.186 CNAME securityresearch.ca	64.235.108.186

IP Address	Status	Action
164.124.101.2	Active	Moloch
64.235.108.186	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleA Aug. 18, 2021, 9:39 a.m.	buffer: please enter the password: console_handle: 0x00000007	1	1	0

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

GET method with no useragent header

suspicious_request

GET http://www.securityresearch.ca/infected/8K3F19/ServiceUpdater.exe

Performs some HTTP requests (1 event)

request

GET http://www.securityresearch.ca/infected/8K3F19/ServiceUpdater.exe

Creates executable files on the filesystem (4 events)

file	C:\Users\test22\AppData\Local\Temp\dropper.exe
file	C:\Users\test22\AppData\Local\Temp\vcruntime140.dll
file	C:\Users\test22\AppData\Local\Temp\Windows\System32\tapi3.dll
file	C:\Users\test22\AppData\Local\Temp\msvcp140.dll

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)

Bkav	W32.AIDetectVM.malware1
Lionic	Trojan.Script.Generic.a!c
FireEye	Generic.mg.dba25831a9434a39
CAT-QuickHeal	Trojandownloader.Script
ALYac	Gen:Variant.Razy.724405
Cylance	Unsafe
Zillya	Exploit.Generic.Win32.287
Sangfor	Malware
K7AntiVirus	Exploit ( 005478fc1 )
Alibaba	TrojanDownloader:Win32/CVE-2017-0213.a45656b2
K7GW	Exploit ( 005478fc1 )
Cybereason	malicious.1a9434
Invincea	heuristic
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Exploit.CVE-2017-0213.B
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 85)
GData	Gen:Variant.Razy.724405
Kaspersky	HEUR:Trojan-Downloader.Script.Generic
BitDefender	Gen:Variant.Razy.724405
NANO-Antivirus	Trojan.Win32.CVE20170213.gksdex
MicroWorld-eScan	Gen:Variant.Razy.724405
Avast	Win32:Trojan-gen
Tencent	Win32.Trojan.Razy.Wugw
Ad-Aware	Gen:Variant.Razy.724405
Sophos	Mal/Generic-S
Comodo	Malware@#1xcsxigm2fk7k
F-Secure	Exploit.EXP/CVE-2017-0213.gyfuu
DrWeb	Trojan.DownLoader30.46188
Emsisoft	Gen:Variant.Razy.724405 (B)
SentinelOne	DFI - Suspicious PE
Jiangmin	TrojanDownloader.Script.gwk
Avira	EXP/CVE-2017-0213.gyfuu
Endgame	malicious (high confidence)
Arcabit	Trojan.Razy.DB0DB5
ZoneAlarm	HEUR:Trojan-Downloader.Script.Generic
Microsoft	Trojan:Win32/Tiggre!rfn
AhnLab-V3	Trojan/Win32.Agent.C3604458
McAfee	Artemis!DBA25831A943
MAX	malware (ai score=85)
VBA32	BScope.Trojan.MulDrop
Rising	Exploit.CVE-2017-0213!8.E88E (CLOUD)
Yandex	Exploit.CVE-2017-0213!
Ikarus	Exploit.CVE-2017-0213
MaxSecure	Trojan.Malware.11403058.susgen
Fortinet	W32/Script.B!tr.dldr
AVG	Win32:Trojan-gen
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_80% (W)

PROG8300_projectExecutable.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All