Summary | ZeroBOX

RuntimeBroker.exe

Tags: UPX, Malicious Library, OS Processor Check, PE64, PE File
Category FILE
Machine s1_win7_x6401
Started Nov. 8, 2021, 1:11 p.m.
Completed Nov. 8, 2021, 1:23 p.m.
Size 293.5KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 c86235ec2e69ecdcd4a738b6903981a0
SHA256 e4ea7d80c6568179346b8c5213338f4684703b0f71466a848840a6e9a5b74f51
CRC32 3C52B381
ssdeep 6144:M7wLFxVvTDhqhyN8x/UYv3XcwKJzww93vfIeJZLMY:M7YFHTDYlUYv3o7
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature
  • OS_Processor_Check_Zero - OS Processor Check
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk
Lionic Trojan.Win32.ClipBanker.trUq
MicroWorld-eScan Gen:Variant.Razy.954783
FireEye Gen:Variant.Razy.954783
ALYac Gen:Variant.Razy.954783
Cylance Unsafe
Sangfor Trojan.Win32.ClipBanker.qsk
K7AntiVirus Trojan ( 005884451 )
Alibaba TrojanBanker:Win32/ClipBanker.24e7d81d
K7GW Trojan ( 005884451 )
Arcabit Trojan.Razy.DE919F
Cyren W64/ClipBanker.AE.gen!Eldorado
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win64/ClipBanker.Z
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan-Banker.Win32.ClipBanker.qsk
BitDefender Gen:Variant.Razy.954783
Avast Win64:BankerX-gen [Trj]
Tencent Win32.Trojan-banker.Clipbanker.Syri
Ad-Aware Gen:Variant.Razy.954783
Sophos Mal/Generic-S
Comodo Malware@#1wl4dtorwoos6
DrWeb Trojan.PWS.Banker1.36912
Zillya Trojan.ClipBanker.Win64.43
TrendMicro TROJ_GEN.R002C0GJM21
McAfee-GW-Edition RDN/PWS-Banker
Emsisoft Gen:Variant.Razy.954783 (B)
Jiangmin Trojan.Banker.ClipBanker.bjd
Webroot W32.Trojan.Gen
Avira TR/Spy.Banker.ksxpk
Antiy-AVL Trojan/Generic.ASMalwS.34BDD2A
Kingsoft Win32.Troj.Banker.(kcloud)
Gridinsoft Ransom.Win64.Banker.sa
Microsoft Trojan:Win32/Mamson.A!ac
ZoneAlarm Trojan-Banker.Win32.ClipBanker.qsk
GData Gen:Variant.Razy.954783
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.C4666069
McAfee RDN/PWS-Banker
MAX malware (ai score=88)
VBA32 TrojanBanker.ClipBanker
Malwarebytes Trojan.Clipper
TrendMicro-HouseCall TROJ_GEN.R002C0GJM21
Yandex Trojan.PWS.ClipBanker!rSQYN80RL+w
Ikarus Trojan.Win64.Clipbanker
Fortinet W64/ClipBanker.Z!tr
AVG Win64:BankerX-gen [Trj]
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Trojan.Malware.1728101.susgen