Summary | ZeroBOX

1cl.exe

Generic Malware Malicious Packer Malicious Library PE32 PE File
Category FILE
Machine s1_win7_x6401
Started Nov. 11, 2021, 12:31 p.m.
Completed Nov. 11, 2021, 12:39 p.m.
Size 11.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 0db976950473d4512fe5ca7df2a0625d
SHA256 00c23828efd45ceba67fa28446d82b41f71acd12fdbdfe192bb39bea0fa498b0
CRC32 EEE6249C
ssdeep 192:OZoavHgi2cWXZL35st+vFaHjeG5WH7Te3vNHhqPzvY:uHxWXtQ+vFaabTe3irv
Yara
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • Malicious_Library_Zero - Malicious_Library

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API: GetComputerNameW
Arguments:
  computer_name: TEST22-PC
Status: 1  Return: 1  Repeated: 0

API: WriteConsoleW
Arguments:
  buffer: SUCCESS: The scheduled task "Telemetry Logging" has successfully been created.
  console_handle: 0x00000007
Status: 1  Return: 1  Repeated: 0

API: CreateProcessInternalW
Arguments:
  thread_identifier: 2852
  thread_handle: 0x000000ac
  process_identifier: 2848
  current_directory:
  filepath: C:\Windows\System32\schtasks.exe
  track: 1
  command_line: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\test22\AppData\Roaming\Microsoft\TelemetryServices\fodhelper.exe"
  filepath_r: C:\Windows\System32\schtasks.exe
  stack_pivoted: 0
  creation_flags: 134217728 (CREATE_NO_WINDOW)
  inherit_handles: 0
  process_handle: 0x000000b0
Status: 1  Return: 1  Repeated: 0
cmdline: /C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\test22\AppData\Roaming\Microsoft\TelemetryServices\fodhelper.exe"
Bkav W32.QuiccellF.Trojan
Lionic Trojan.Win32.Tasker.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.874357
FireEye Gen:Variant.Razy.874357
ALYac Gen:Variant.Razy.874357
Cylance Unsafe
Sangfor Trojan.Win32.ClipBanker.ND
K7AntiVirus Trojan ( 0057c4751 )
K7GW Trojan ( 0057c4751 )
Arcabit Trojan.Razy.DD5775
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/ClipBanker.ND
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan.Win32.Tasker.atzw
BitDefender Gen:Variant.Razy.874357
Avast Win32:PWSX-gen [Trj]
Tencent Win32.Trojan.Tasker.Jcr
Ad-Aware Gen:Variant.Razy.874357
DrWeb Trojan.MulDrop18.45634
Zillya Trojan.ClipBanker.Win32.11755
TrendMicro TROJ_GEN.R002C0PKA21
Emsisoft Trojan.ClipBanker (A)
Jiangmin Trojan.Tasker.cdg
Webroot W32.Tasker.atzw
Avira TR/ATRAPS.Gen
MAX malware (ai score=85)
Antiy-AVL Trojan/Generic.ASMalwS.34BCD53
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Ransom.Win32.Banker.oa!s1
Microsoft Trojan:Win32/Sabsik.FL.B!ml
GData Win32.Trojan-Stealer.Clipper.O3PTYV
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.SY.C4711996
McAfee GenericRXOS-SY!0DB976950473
VBA32 BScope.Trojan.Tasker
Malwarebytes Trojan.ClipBanker
TrendMicro-HouseCall TROJ_GEN.R002C0PKA21
Rising Trojan.Generic@ML.100 (RDML:iROyMHf1xQw4WImrD6Pcrw)
Ikarus Win32.Outbreak
Fortinet W32/ClipBanker.ND!tr
BitDefenderTheta Gen:NN.ZexaF.34266.aqW@a0kaBCg
AVG Win32:PWSX-gen [Trj]
Panda Trj/CI.A
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Trojan.Malware.300983.susgen