Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Aug. 27, 2021, 3:27 p.m.	Aug. 27, 2021, 3:53 p.m.

Size	517.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6d3d857dce2ce88c250574619f6a2f0a`
SHA256	`8026d8405b0cd43c956267197fb6f00d6f4c77274911d844a394b7e0897f2f29`
CRC32	`C512D0FF`
ssdeep	`12288:vtXl6Yhjq7reLShM8qxuTrQDf6Jf0ZGaRa2qH7vh:z6Yh3bxufmKOY2qb`
PDB Path	C:\bafotidesu\ce.pdb
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

0fd9ce44914b3beda3c86ba2163945e92f035620_2021-08-22_17-56.exe "C:\Users\test22\AppData\Local\Temp\0fd9ce44914b3beda3c86ba2163945e92f035620_2021-08-22_17-56.exe"
1760

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
34.117.59.81	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

C:\bafotidesu\ce.pdb

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 27, 2021, 3:27 p.m.	process_identifier: 1760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 323584 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024fe000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory Aug. 27, 2021, 3:27 p.m.	process_identifier: 1760 region_size: 585728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00050400', u'virtual_address': u'0x00028000', u'entropy': 7.974540579905928, u'name': u'.data', u'virtual_size': u'0x01fb7e40'}

entropy

7.97454057991

description

A section with a high entropy has been found

entropy

0.622093023256

description

Overall entropy of this PE file is high

host

34.117.59.81

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
FireEye	Generic.mg.6d3d857dce2ce88c
CAT-QuickHeal	Ransom.Stop.Z5
McAfee	Packed-GDV!6D3D857DCE2C
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZexaF.34104.GqW@aSMsT4aK
Cyren	W32/Kryptik.EYC.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HMEJ
Paloalto	generic.ml
Kaspersky	HEUR:Trojan.Win32.Egguard.gen
BitDefender	Gen:Variant.Fragtor.10550
MicroWorld-eScan	Gen:Variant.Fragtor.10550
Avast	Win32:CrypterX-gen [Trj]
Ad-Aware	Gen:Variant.Fragtor.10550
Sophos	ML/PE-A
F-Secure	Trojan.TR/AD.StellarStealer.mdqea
DrWeb	Trojan.PWS.Siggen3.2349
McAfee-GW-Edition	BehavesLike.Win32.Dropper.hc
Emsisoft	Gen:Variant.Fragtor.10550 (B)
APEX	Malicious
Jiangmin	Trojan.PSW.Ficker.nw
MaxSecure	Trojan.Malware.300983.susgen
Avira	TR/AD.StellarStealer.mdqea
MAX	malware (ai score=83)
Microsoft	Trojan:Win32/Azorult.RM!MTB
GData	Win32.Trojan.BSE.DQ3JQ1
SentinelOne	Static AI - Suspicious PE
AhnLab-V3	Trojan/Win.MalPE.R438472
VBA32	BScope.Trojan.Chapak
ALYac	Gen:Variant.Fragtor.10550
Malwarebytes	Trojan.MalPack.GS
Rising	Trojan.Kryptik!1.C6FC (CLASSIC)
eGambit	Unsafe.AI_Score_54%
Fortinet	W32/Kryptik.HMEJ!tr
AVG	Win32:CrypterX-gen [Trj]
Panda	Trj/GdSda.A

0fd9ce44914b3beda3c86ba2163945e92f035620_2021-08-22_17-56.exe