Summary | ZeroBOX

vbc.exe

Tags: Malicious Packer, PE32, PE File
Category   Machine        Started                      Completed
FILE       s1_win7_x6402  Sept. 10, 2021, 5:17 p.m.    Sept. 10, 2021, 5:23 p.m.
Size 18.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 09abff7fd37311b306d557540ecbb5c0
SHA256 b67741cbd39464c7526c9cda83175c342aaba91fb990dd96d60083d028f00228
CRC32 03F3D498
ssdeep 384:HX8bO2AEgXhjXsm4sm4sm4sm3BqjbW6Y33VjXjXjXV3VjXXjXO7OjXjQ4X4MjMc5:HXtwwCz12kkhycyrsR2vZ
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name         Response         Post-Analysis Lookup
a.uguu.se    144.76.201.136

IP Address       Status   Action
144.76.201.136   Active   Moloch
164.124.101.2    Active   Moloch

section .00cfg
Time & API Arguments Status Return Repeated

__exception__
  stacktrace:
    RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77b19ed2
    RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77b19ea5
  exception.symbol:
  exception.exception_code: 0xc0000005
  exception.address: 0xb00000
  registers.esp: 3666892
  registers.edi: 3667272
  registers.eax: 3666912
  registers.ebp: 3668280
  registers.edx: 2130566132
  registers.ebx: 513956538
  registers.esi: 0
  registers.ecx: 3862691840
  Status: 1   Return: 0   Repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory
  process_identifier: 1092
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00f04000
  process_handle: 0xffffffff
  Status: 1   Return: 0   Repeated: 0
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
McAfee RDN/Generic.grp
Alibaba Backdoor:Win32/Remcos.a995b80d
CrowdStrike win/malicious_confidence_70% (W)
Arcabit Trojan.Razy.DE106D
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.FWI
APEX Malicious
Kaspersky Backdoor.Win32.Remcos.tth
BitDefender Gen:Variant.Razy.921709
MicroWorld-eScan Gen:Variant.Razy.921709
Avast Win32:Trojan-gen
Tencent Win32.Trojan-downloader.Agent.Hfn
Ad-Aware Gen:Variant.Razy.921709
Sophos Mal/Generic-S
McAfee-GW-Edition BehavesLike.Win32.Emotet.lm
FireEye Generic.mg.09abff7fd37311b3
Emsisoft Gen:Variant.Razy.921709 (B)
Ikarus Win32.Outbreak
Webroot W32.Trojan.Gen
Kingsoft Win32.Hack.Remcos.t.(kcloud)
Microsoft Trojan:Win32/Tnega.VAM!MTB
ZoneAlarm Backdoor.Win32.Remcos.tth
GData Gen:Variant.Razy.921709
AhnLab-V3 Trojan/Win.Tnega.C4628818
VBA32 BScope.Trojan.Injects
ALYac Gen:Variant.Razy.921709
MAX malware (ai score=86)
Rising Trojan.Generic@ML.80 (RDML:lv00IVAK+STScp+QI22yaw)
SentinelOne Static AI - Malicious PE
Fortinet W32/Agent.FWI!tr.dldr
BitDefenderTheta Gen:NN.ZexaCO.34142.byW@a8DwyUei
AVG Win32:Trojan-gen
Panda Trj/GdSda.A