Summary | ZeroBOX

12341rgergg435g4tr.exe

Generic Malware Antivirus PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started Dec. 13, 2022, 8:02 a.m.
Completed Dec. 13, 2022, 8:04 a.m.
Size 959.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 df7a9a45a10c1942225eb9be257fb752
SHA256 c3230c24b469fe5d82786444d3c7a7d16d78eb65581c814dbc5329a80b65481f
CRC32 29C34DE5
ssdeep 24576:uLjr3s2nScu1i1tz3f++5kRzFxk7rMxNeR1R9qpdsF:Ujrc2So1Ff+B3k796e
Yara
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Program Files\Mozilla Firefox\firefox.exe
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

Status: 1  Return: 1  Repeated: 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceW

number_of_free_clusters: 2424796
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: C:\
total_number_of_clusters: 8362495
Status: 1  Return: 1  Repeated: 0

GetDiskFreeSpaceExW

total_number_of_free_bytes: 9931964416
free_bytes_available: 9931964416
root_path: C:\
total_number_of_bytes: 34252779520
Status: 1  Return: 1  Repeated: 0
file C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
Status: 1  Return: 1  Repeated: 0
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\{E7894974-2828-CFE0-79A7-7920B9D0E148}
reg_value "C:\Users\test22\AppData\Local\Temp\12341rgergg435g4tr.exe"
Time & API Arguments Status Return Repeated

NtWriteFile

buffer: LockBit 2.0 Ransomware Your data are stolen and encrypted The data will be published on TOR website http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion and https://bigblog.at if you do not pay the ransom You can contact us and decrypt one file for free on these TOR sites http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion OR https://decoding.at Decryption ID: F189D874E328CF93E62A9EAF8836B6D6
offset: 0
file_handle: 0x000002cc
filepath: C:\GPKI\Restore-My-Files.txt
Status: 1  Return: 259  Repeated: 0

NtWriteFile

buffer: LockBit 2.0 Ransomware Your data are stolen and encrypted The data will be published on TOR website http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion and https://bigblog.at if you do not pay the ransom You can contact us and decrypt one file for free on these TOR sites http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion OR https://decoding.at Decryption ID: F189D874E328CF93E62A9EAF8836B6D6
offset: 0
file_handle: 0x000002cc
filepath: C:\Restore-My-Files.txt
Status: 1  Return: 259  Repeated: 0

Vendor Detection
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Generic.4!c
Elastic Windows.Ransomware.Lockbit
MicroWorld-eScan Gen:Variant.Ransom.Lockbit2.9
CAT-QuickHeal Trojan.LckbitRnsm.S21641235
ALYac Trojan.Ransom.LockBit
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Ransom:Win32/Lockbit.c99
K7GW Trojan ( 0057f63d1 )
K7AntiVirus Trojan ( 0057f63d1 )
VirIT Ransom.Win32.LockBit.DAM
Cyren W32/Ransom.PM.gen!Eldorado
Symantec Ransom.Lockbit
tehtris Generic.Malware
ESET-NOD32 a variant of Win32/Filecoder.Lockbit.E
APEX Malicious
Cynet Malicious (score: 100)
BitDefender Gen:Variant.Ransom.Lockbit2.9
NANO-Antivirus Virus.Win32.Gen.ccmw
Avast Win32:LockBit-A [Ransom]
Tencent Trojan.Win32.Lockbit.a
Ad-Aware Gen:Variant.Ransom.Lockbit2.9
TACHYON Ransom/W32.Lockbit.982528
DrWeb Trojan.Encoder.34248
TrendMicro Ransom.Win32.LOCKBIT.SMYEBGW
Trapmine malicious.high.ml.score
Sophos Mal/Generic-S + Troj/Lockbit-D
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Agent.dltk
Webroot W32.Ransomware.Lockbit
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Trojan/Win32.GenKryptik
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Ransom.Win32.LockBit.bot
Arcabit Trojan.Ransom.Lockbit2.9
ViRobot Trojan.Win32.Lockbit.982528
Google Detected
AhnLab-V3 Ransomware/Win.LockBit.R487041
Acronis suspicious
McAfee Lockbit!DF7A9A45A10C
MAX malware (ai score=84)
VBA32 Trojan.Encoder
Rising Ransom.LockBit!1.D854 (CLASSIC)
Ikarus Trojan-Ransom.LockBit
MaxSecure Trojan.Malware.12310942.susgen
Fortinet W32/Lockbit.C2F8!tr.ransom
BitDefenderTheta Gen:NN.ZexaF.36106.7mW@aqwWnog
AVG Win32:LockBit-A [Ransom]

dead_host 192.168.56.1:445
dead_host 192.168.56.1:135
dead_host 192.168.56.103:49165
dead_host 192.168.56.103:49166