Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Sept. 7, 2021, 7:02 p.m.	Sept. 7, 2021, 7:17 p.m.

Size	8.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`3e7e25ad1c141f146e5ef2b18e624886`
SHA256	`4cb419b34caf346c3682e22c4981686033e6fc816f376deb89ac698771f55843`
CRC32	`5B9EDD42`
ssdeep	`192:KH0JH08lZH0yH08lg0dH08lKS1b62TC1:KCvZNvpvc2T`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
img.neko.airforce	A 167.172.239.151	167.172.239.151

IP Address	Status	Action
164.124.101.2	Active	Moloch
167.172.239.151	Active	Moloch

Flow	SID	Signature	Category
TCP 167.172.239.151:443 -> 192.168.56.102:49166	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49163 -> 167.172.239.151:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49164 -> 167.172.239.151:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

No Suricata TLS

MicroWorld-eScan	Gen:Variant.Razy.920134
Cylance	Unsafe
Cybereason	malicious.21efd2
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Razy.920134
NANO-Antivirus	Virus.Win32.Gen.ccmw
Rising	Trojan.Generic@ML.85 (RDML:CWjK5OM8Br6eNWqPSvxMMA)
Ad-Aware	Gen:Variant.Razy.920134
Emsisoft	Gen:Variant.Razy.920134 (B)
FireEye	Generic.mg.3e7e25ad1c141f14
Sophos	Generic ML PUA (PUA)
Microsoft	Trojan:Win32/Tnega!ml
GData	Gen:Variant.Razy.920134
Cynet	Malicious (score: 100)
Acronis	suspicious
BitDefenderTheta	Gen:NN.ZexaF.34126.auW@aW16Z5oi
MAX	malware (ai score=82)
VBA32	BScope.Trojan.Injects
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
CrowdStrike	win/malicious_confidence_80% (D)

vbc.exe