Summary | ZeroBOX

.svchost.exe

Generic Malware UPX PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Sept. 19, 2021, 10:41 a.m.
Completed Sept. 19, 2021, 11:19 a.m.
Size 512.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a6288732dfc7779369a4712b345070fb
SHA256 a24a7e0d6d9aa4646a455036c25fa9605e55b9282431ad057c84d6befcec6d6e
CRC32 25D67B42
ssdeep 6144:yyV26qmYQNOEwB9GGjYftGLwfbffBfUfwJudkGGGGGGGGGxGGGGGGGGGGGGGGGG7:yyV9SDEOyNrznO6Dr+R
Yara
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)

DNS lookups (Name / Response / Post-Analysis Lookup)
No hosts contacted.
IP Address 164.124.101.2
Status Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1908
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72d72000
process_handle: 0xffffffff
Status 1 Return 0 Repeated 0

NtAllocateVirtualMemory

process_identifier: 1908
region_size: 102400
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x025f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status 1 Return 0 Repeated 0


NtProtectVirtualMemory

process_identifier: 1908
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 24576
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00330000
process_handle: 0xffffffff
Status 1 Return 0 Repeated 0

Antivirus results (Vendor Verdict)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37595159
FireEye Generic.mg.a6288732dfc77793
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005827151 )
Alibaba Trojan:Win32/Tnega.6071f7db
K7GW Trojan ( 005827151 )
Cybereason malicious.47f7f2
BitDefenderTheta Gen:NN.ZevbaCO.34142.Gm0@a8ZWbGfi
Cyren W32/VBKrypt.AZV.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.FKPS
APEX Malicious
Paloalto generic.ml
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Trojan.GenericKD.37595159
Avast Win32:Trojan-gen
Ad-Aware Trojan.GenericKD.37595159
Emsisoft Trojan.GenericKD.37595159 (B)
TrendMicro TROJ_FRS.0NA103IH21
McAfee-GW-Edition BehavesLike.Win32.Trojan.ht
Microsoft Trojan:Win32/Tnega.SM!MTB
GData Win32.Trojan.Agent.S9PEC6
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.GuLoader.R441618
McAfee RDN/Generic.grp
MAX malware (ai score=84)
Malwarebytes Malware.AI.1157053110
TrendMicro-HouseCall TROJ_FRS.0NA103IH21
SentinelOne Static AI - Malicious PE
Fortinet W32/GenKryptik.FKPS!tr
AVG Win32:Trojan-gen
Panda Trj/GdSda.A
CrowdStrike win/malicious_confidence_90% (W)