Summary | ZeroBOX

nonetrollplease.exe

Tags: Generic Malware, UPX, Anti_VM, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6401
Started Jan. 26, 2023, 10:45 a.m.
Completed Jan. 26, 2023, 11:02 a.m.
Size 2.3MB
Type PE32 executable (console) Intel 80386, for MS Windows
MD5 f1354bde910724c6efa5bdd025827bdb
SHA256 b3d5ea551a96462e07797e0653ae380a9f9da71795bf7c1ed6bcecae77110e44
CRC32 F6F6184D
ssdeep 24576:u7vYc1xQOyMP/W50yO5oHmlve716oZOk9CP+8CcmP0TK7xfNCAf4IZAj9tspD7li:2YkQRKZOGX3OhvuKXttad3
Yara
  • Generic_Malware_Zero - Generic Malware
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .JVWQ
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.instruction_r: ed 64 8f 05 00 00 00 00 83 c4 04 e9 2e ae f0 ff
exception.symbol: nonetrollplease+0x210681
exception.instruction: in eax, dx
exception.module: nonetrollplease.exe
exception.exception_code: 0xc0000096
exception.offset: 2164353
exception.address: 0x13d0681
registers.esp: 4258012
registers.edi: 4795993
registers.eax: 1750617430
registers.ebp: 18997248
registers.edx: 22614
registers.ebx: 18612224
registers.esi: 13
registers.ecx: 20
status: 1 return: 0 repeated: 0

__exception__

stacktrace:

exception.instruction_r: ed 64 8f 05 00 00 00 00 83 c4 04 81 fb 68 58 4d
exception.symbol: nonetrollplease+0x2106f5
exception.instruction: in eax, dx
exception.module: nonetrollplease.exe
exception.exception_code: 0xc0000096
exception.offset: 2164469
exception.address: 0x13d06f5
registers.esp: 4258012
registers.edi: 4795993
registers.eax: 1447909480
registers.ebp: 18997248
registers.edx: 22104
registers.ebx: 2256917605
registers.esi: 13
registers.ecx: 10
status: 1 return: 0 repeated: 0
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
registry HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Time & API Arguments Status Return Repeated

NtQuerySystemInformation

information_class: 76 (SystemFirmwareTableInformation)
3221225507 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:

exception.instruction_r: ed 64 8f 05 00 00 00 00 83 c4 04 81 fb 68 58 4d
exception.symbol: nonetrollplease+0x2106f5
exception.instruction: in eax, dx
exception.module: nonetrollplease.exe
exception.exception_code: 0xc0000096
exception.offset: 2164469
exception.address: 0x13d06f5
registers.esp: 4258012
registers.edi: 4795993
registers.eax: 1447909480
registers.ebp: 18997248
registers.edx: 22104
registers.ebx: 2256917605
registers.esi: 13
registers.ecx: 10
status: 1 return: 0 repeated: 0
Antivirus results (engine, verdict)
Elastic malicious (high confidence)
FireEye Generic.mg.f1354bde910724c6
Cylance Unsafe
Cybereason malicious.a0b10f
BitDefenderTheta Gen:NN.ZexaE.36212.t!Z@ai!o6Jm
Symantec ML.Attribute.HighConfidence
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky UDS:Trojan-Spy.Win32.Stealer.ddkf
NANO-Antivirus Virus.Win32.Gen.ccmw
Avast Win32:Evo-gen [Trj]
McAfee-GW-Edition BehavesLike.Win32.Trojan.vh
SentinelOne Static AI - Suspicious PE
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Google Detected
McAfee Artemis!F1354BDE9107
VBA32 BScope.Trojan.Reconyc
Malwarebytes Malware.Heuristic.1003
Rising Trojan.Undefined!8.1327C (TFE:dGZlOgURyf1+bYboOA)
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.121218.susgen
AVG Win32:Evo-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)