Summary | ZeroBOX

.svchost.exe

Tags: Generic Malware, UPX, PE32, PE File

Category   FILE
Machine    s1_win7_x6401
Started    Aug. 27, 2021, 5:31 p.m.
Completed  Aug. 27, 2021, 5:34 p.m.

Size 468.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2644b63346379dd60b63309ff086eeef
SHA256 435c998c8561191ce56f0b97c521ab107645e42cd569af7a7ed34319d61c5c2d
CRC32 3018916C
ssdeep 6144:AG3NcAWqBIGGvF6GGLTudffBfEfBfBpZtCGGGGGGGGGGGGGGGGGGGGGGGGGGGGGF:Z3nB762f2tun
Yara
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • IsPE32 - (no description)

Network

Name  Response  Post-Analysis Lookup
No hosts contacted.

IP Address     Status  Action
164.124.101.2  Active  Moloch

No DNS name, Suricata alert or TLS session accompanies 164.124.101.2; it appears only in the IP list, so treat it as unconfirmed infrastructure rather than as established command-and-control.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Resources
  resource name: CUSTOM

Flagged API calls (process 2648). A process_handle of 0xffffffff is the (HANDLE)-1 pseudo-handle, so every call below acts on the sample's own address space, not on another process.

Time & API               Arguments                                Status  Return  Repeated

NtProtectVirtualMemory
  process_identifier: 2648
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x72d72000
  process_handle: 0xffffffff
  status 1 (success), return 0 (STATUS_SUCCESS), repeated 0

NtAllocateVirtualMemory
  process_identifier: 2648
  region_size: 106496
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x01e60000
  allocation_type: 4096 (MEM_COMMIT)
  process_handle: 0xffffffff
  status 1 (success), return 0 (STATUS_SUCCESS), repeated 0

NtProtectVirtualMemory
  process_identifier: 2648
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 24576
  protection: 32 (PAGE_EXECUTE_READ)
  base_address: 0x003b0000
  process_handle: 0xffffffff
  status 1 (success), return 0 (STATUS_SUCCESS), repeated 0

Read in order: one 4 KiB page at 0x72d72000 is made RWX, a fresh 104 KiB (106496-byte) RWX region is committed at 0x01e60000, and 24 KiB at 0x003b0000 is switched to PAGE_EXECUTE_READ with the monitor's heap_dep_bypass flag set, meaning a region that was not executable when it was populated is now being made executable. That write-then-execute sequence is what an unpacking stub does before transferring control to its payload, and it is consistent with the UPX_Zero Yara hit above and the packer-style Kryptik/Mucc verdicts below.
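The rows above are exactly the kind of input a sandbox signature consumes. As an added example (not ZeroBOX code, and not derived from the sample itself), the Python below parses records in that flattened shape and applies three write-then-execute heuristics: an RWX commit, an RWX protection change on an existing page, and a heap_dep_bypass-marked switch to executable, while also recording whether the call targeted the caller's own process. The protection and allocation constants are the winnt.h values the report decodes in brackets; the three records are constructed copies of the report's rows (the always-zero stack_* fields omitted); the rule names are this example's own.

```python
"""Flag unpacking-style memory behaviour in flattened sandbox API-call records.
Added example, not ZeroBOX code. RECORDS are constructed to mirror the report's
three flagged calls; constants are the winnt.h values the sandbox decodes."""
from dataclasses import dataclass

PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
ANY_EXECUTE = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
MEM_COMMIT = 0x1000
NT_CURRENT_PROCESS = 0xFFFFFFFF  # (HANDLE)-1 pseudo-handle: the caller's own process

RECORDS = [  # constructed copies of the report's rows; stack_* fields omitted
    """NtProtectVirtualMemory
    process_identifier: 2648
    heap_dep_bypass: 0
    length: 4096
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x72d72000
    process_handle: 0xffffffff
    1 0 0""",
    """NtAllocateVirtualMemory
    process_identifier: 2648
    region_size: 106496
    heap_dep_bypass: 0
    protection: 64 (PAGE_EXECUTE_READWRITE)
    base_address: 0x01e60000
    allocation_type: 4096 (MEM_COMMIT)
    process_handle: 0xffffffff
    1 0 0""",
    """NtProtectVirtualMemory
    process_identifier: 2648
    heap_dep_bypass: 1
    length: 24576
    protection: 32 (PAGE_EXECUTE_READ)
    base_address: 0x003b0000
    process_handle: 0xffffffff
    1 0 0""",
]

@dataclass
class ApiCall:
    api: str
    args: dict
    status: int    # 1 = the call succeeded
    ret: int       # NTSTATUS; 0 = STATUS_SUCCESS
    repeated: int

@dataclass
class Finding:
    rule: str
    api: str
    base: int
    size: int
    target: str    # "self" or "other process"
    note: str

def parse_record(text: str) -> ApiCall:
    """First line: API name; then 'key: value' lines; last line: 'status return repeated'."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    api, *body, tail = lines
    status, ret, repeated = (int(x) for x in tail.split())
    args = {}
    for ln in body:
        key, _, val = ln.partition(":")
        args[key.strip()] = int(val.split()[0], 0)  # drop the "(PAGE_...)" decoration
    return ApiCall(api, args, status, ret, repeated)

def analyze(calls: list) -> list:
    """Apply write-then-execute heuristics to successful calls that grant execute rights."""
    findings = []
    for c in calls:
        prot = c.args.get("protection", 0)
        if c.status != 1 or not prot & ANY_EXECUTE:
            continue
        target = "self" if c.args.get("process_handle") == NT_CURRENT_PROCESS else "other process"
        base = c.args.get("base_address", 0)
        size = c.args.get("region_size", c.args.get("length", 0))
        if (c.api == "NtAllocateVirtualMemory" and prot & PAGE_EXECUTE_READWRITE
                and c.args.get("allocation_type", 0) & MEM_COMMIT):
            findings.append(Finding("rwx_commit", c.api, base, size, target,
                                    "fresh RWX region committed: staging area for unpacked code"))
        elif c.api == "NtProtectVirtualMemory" and prot & PAGE_EXECUTE_READWRITE:
            findings.append(Finding("rwx_protect", c.api, base, size, target,
                                    "existing page made RWX: in-place patching of mapped code"))
        elif c.api == "NtProtectVirtualMemory" and c.args.get("heap_dep_bypass") == 1:
            findings.append(Finding("write_then_exec", c.api, base, size, target,
                                    "previously writable region made executable (DEP bypass)"))
    return findings

def summarize(findings: list) -> dict:
    """Count findings per rule, the shape a scoring step would consume."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts

if __name__ == "__main__":
    for f in analyze([parse_record(r) for r in RECORDS]):
        print(f"{f.rule:16} {f.api:24} base=0x{f.base:08x} size={f.size:>7} {f.target}: {f.note}")
```

Running it against the three constructed records yields one finding per rule, all targeting "self"; a cross-process handle would instead label the finding "other process", which is the injection case rather than the self-unpacking one seen here.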
Antivirus results (30 engines listed; vendor followed by detection name)

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Mucc.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.46870114
FireEye Generic.mg.2644b63346379dd6
Sangfor Trojan.Win32.Save.a
Arcabit Trojan.Generic.D2CB2E62
BitDefenderTheta Gen:NN.ZevbaF.34110.Dm0@aWfcKAgi
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HMFW
Paloalto generic.ml
Kaspersky Trojan.Win32.Mucc.qoh
BitDefender Trojan.GenericKD.46870114
Avast FileRepMetagen [Malware]
Ad-Aware Trojan.GenericKD.46870114
Emsisoft Trojan.GenericKD.46870114 (B)
Comodo TrojWare.Win32.UMal.clclm@0
McAfee-GW-Edition BehavesLike.Win32.Trojan.gt
Sophos Mal/Generic-S
APEX Malicious
Kingsoft Win32.Troj.Mucc.q.(kcloud)
Gridinsoft Trojan.Win32.Generic.oa
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Trojan.GenericKD.46870114
McAfee Artemis!2644B6334637
SentinelOne Static AI - Malicious PE
Fortinet W32/Mucc.QOH!tr
AVG FileRepMetagen [Malware]
CrowdStrike win/malicious_confidence_90% (W)
MaxSecure Trojan.Malware.300983.susgen