Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 3, 2021, 10 a.m.	Sept. 3, 2021, 10:02 a.m.

Size	49.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d5fda1a31aa08a72883cdc3752ea681f`
SHA256	`78852458f761f88b1cee45637281d1edd675fc3976ab0acdb2445fe4230fcd7e`
CRC32	`CA1B9483`
ssdeep	`768:8ZIqZycEr//ezVXjy3/C0eG8qBVVTlWOH4ue0DjlwNIe1vCw77UpcEE57K7DC+KE:kIqZycEizpu37B6034lvNkE5YsmD`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

Drops an executable to the user AppData folder (4 events)

file	C:\Users\test22\AppData\Local\Temp\SandboxieInstall.exe
file	C:\Users\test22\AppData\Local\Temp\e_KJpx.exe
file	C:\Users\test22\AppData\Local\Temp\202005191702_6d173b9549ce4fe1e5ada5ab9ce0bfff5d9569f19e7fa916db5c8d4f0dace63b_setup_nwc275a_demo.exe
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\winamp58_3660_beta_full_en-us[1].exe

File has been identified by 29 AntiVirus engines on VirusTotal as malicious (29 events)

Cynet	Malicious (score: 100)
ALYac	Trojan.Agent.FMCT
Malwarebytes	Malware.AI.1904552035
Arcabit	Trojan.Agent.FMCT
ESET-NOD32	a variant of Win32/Filecoder.OIG
APEX	Malicious
Kaspersky	VHO:Trojan-Ransom.Win32.Convagent.gen
BitDefender	Trojan.Agent.FMCT
MicroWorld-eScan	Trojan.Agent.FMCT
Avast	Win32:MalwareX-gen [Trj]
Rising	Ransom.Erica!1.D8FB (CLASSIC)
Ad-Aware	Trojan.Agent.FMCT
DrWeb	Trojan.Encoder.34290
FireEye	Generic.mg.d5fda1a31aa08a72
Emsisoft	Trojan.Agent.FMCT (B)
Ikarus	Trojan.Win32.Vilsel
Antiy-AVL	Trojan/Generic.ASMalwS.347D495
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Trojan.Agent.FMCT
AhnLab-V3	Ransomware/Win.Agent.C4608753
MAX	malware (ai score=82)
VBA32	BScope.TrojanRansom.Encoder
Cylance	Unsafe
Tencent	Malware.Win32.Gencirc.11cb0ed2
SentinelOne	Static AI - Suspicious PE
eGambit	Unsafe.AI_Score_99%
BitDefenderTheta	Gen:NN.ZelphiF.34126.dGW@ay8@e5ii
AVG	Win32:MalwareX-gen [Trj]
Panda	Trj/GdSda.A

Drops 1879 unknown file mime types indicative of ransomware writing encrypted files back to disk (50 out of 1879 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\kn\messages.json.481246
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\081[1].png.481246
file	C:\Users\All Users\Microsoft Help\MS.OIS.12.1033.hxn
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\hu\messages.json.481246
file	C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.481246
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\062355cb-541f-4bcc-a783-7a323705728d[1].jpg.481246
file	C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.dir
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\pl\messages.json.481246
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk.481246
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\396[1].png.481246
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ar\messages.json.481246
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\sr\messages.json.481246
file	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\behavior.xml.481246
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CURBIYE7\klldr[1].js.481246
file	C:\Users\All Users\Microsoft Help\MS.SETLANG.12.1042.hxn
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\cropImg_196x196_38699317823237099[1].jpg.481246
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\sv\messages.json.481246
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk.481246
file	C:\Users\test22\AppData\Roaming\EditPlus\html4.ctl.481246
file	C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-ntkl.etl.481246
file	C:\Users\test22\AppData\Local\pip\cache\wheels\c4\70\12\47ad53247da7e814e180a8361612b17bab8f7b9aa071318695\PyMsgBox-1.0.8-cp27-none-any.whl.481246
file	C:\Users\test22\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
file	C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\superbar.png.481246
file	C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\scan_.ico.481246
file	C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\edf4da6f-f1d6-4a76-a095-b0506598dc0f[1].jpg.481246
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log.481246
file	C:\Users\test22\AppData\Local\Microsoft\Internet Explorer\DOMStore\1XU2ZD41\cryptopay[1].xml.481246
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\143[1].png.481246
file	C:\ProgramData\Microsoft Help\MS.OIS.12.1042.hxn.481246
file	C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.481246
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\cs\messages.json.481246
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk.481246
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Recent\agent.pyw.lnk.481246
file	C:\Users\test22\Documents\ZyMQVIOJRV.rtf
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\sk\messages.json.481246
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\dthumbCA4XL1V3.jpg.481246
file	C:\Users\test22\Documents\FOwRatdvSt.docm.481246
file	C:\Users\test22\AppData\Local\Temp\MSIc6ae6.LOG.481246
file	C:\Users\test22\Documents\JDHeJjBWHuxqp.doc
file	C:\Users\test22\AppData\Local\Microsoft\Office\ONetConfig\69cae1c4be4adf66526a3c210dbcb810.sig
file	C:\Users\test22\AppData\Roaming\Microsoft\Document Building Blocks\1042\14\Built-In Building Blocks.dotx.481246
file	C:\ProgramData\Microsoft Help\MS.SETLANG.12.1042.hxn.481246
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\dthumb[3].png.481246
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\hu\messages.json.481246
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico.481246
file	C:\Users\test22\AppData\Local\Temp\IME2010imeklmg00000002.log.481246
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\zh_TW\messages.json.481246
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\search.jindo.20200326[1].js.481246
file	C:\Users\test22\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg.481246

e_KJpx.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All