Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 5, 2023, 2:21 p.m.	March 5, 2023, 2:27 p.m.

Size	15.5MB
Type	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5	`3ace227a334fa18636c42ab18638abf2`
SHA256	`fd107620a9bab6f816dfd4583119ae4f88253a901a46c1ed37e97ba7de7fb613`
CRC32	`DE28A7DE`
ssdeep	`393216:h9DNFabhV8d9LNJ+y3k2woJuQFkyRmazVNEJVZOUcryo8mRHVG5xR:rDNFwVeey3kZoFVR8qyo8mByR`
Yara	OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library

ColorMC.exe "C:\Users\test22\AppData\Local\Temp\ColorMC.exe"
2656

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 5, 2023, 2:21 p.m.		1	1	0

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ March 5, 2023, 2:22 p.m.	stacktrace: GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x758577c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7585788a SHGetDataFromIDListW+0x314 SHGetFolderPathAndSubDirW-0x2832 shell32+0x328ef @ 0x748528ef ShellExecuteExW+0x5e1 SHGetNameFromIDList-0x8629 shell32+0x22427 @ 0x74842427 SHGetMalloc+0x17e0 ShellExecuteExW-0x64 shell32+0x21de2 @ 0x74841de2 ShellExecuteExW+0xb4 SHGetNameFromIDList-0x8b56 shell32+0x21efa @ 0x74841efa ShellExecuteExW+0x42 SHGetNameFromIDList-0x8bc8 shell32+0x21e88 @ 0x74841e88 New_shell32_ShellExecuteExW@4+0x1fa New_srvcli_NetShareEnum@28-0x8f @ 0x736f5f28 ShellExecuteEx+0x5d ShellExecuteA-0x3e shell32+0x24703a @ 0x74a6703a ShellExecuteA+0x73 ShellExec_RunDLLW-0x18 shell32+0x2470eb @ 0x74a670eb colormc+0x2051 @ 0x402051 colormc+0x1b32 @ 0x401b32 colormc+0x692b @ 0x40692b colormc+0x1413 @ 0x401413 colormc+0x15a5 @ 0x4015a5 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x73403c8c registers.esp: 2685492 registers.edi: 0 registers.eax: 1933589644 registers.ebp: 2685532 registers.edx: 0 registers.ebx: 0 registers.esi: 1933589644 registers.ecx: 8523112	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

March 5, 2023, 2:22 p.m.

stacktrace:

GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x758577c4
DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7585788a
SHGetDataFromIDListW+0x314 SHGetFolderPathAndSubDirW-0x2832 shell32+0x328ef @ 0x748528ef
ShellExecuteExW+0x5e1 SHGetNameFromIDList-0x8629 shell32+0x22427 @ 0x74842427
SHGetMalloc+0x17e0 ShellExecuteExW-0x64 shell32+0x21de2 @ 0x74841de2
ShellExecuteExW+0xb4 SHGetNameFromIDList-0x8b56 shell32+0x21efa @ 0x74841efa
ShellExecuteExW+0x42 SHGetNameFromIDList-0x8bc8 shell32+0x21e88 @ 0x74841e88
New_shell32_ShellExecuteExW@4+0x1fa New_srvcli_NetShareEnum@28-0x8f @ 0x736f5f28
ShellExecuteEx+0x5d ShellExecuteA-0x3e shell32+0x24703a @ 0x74a6703a
ShellExecuteA+0x73 ShellExec_RunDLLW-0x18 shell32+0x2470eb @ 0x74a670eb
colormc+0x2051 @ 0x402051
colormc+0x1b32 @ 0x401b32
colormc+0x692b @ 0x40692b
colormc+0x1413 @ 0x401413
colormc+0x15a5 @ 0x4015a5
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x73403c8c
registers.esp: 2685492
registers.edi: 0
registers.eax: 1933589644
registers.ebp: 2685532
registers.edx: 0
registers.ebx: 0
registers.esi: 1933589644
registers.ecx: 8523112

File has been identified by 14 AntiVirus engines on VirusTotal as malicious (14 events)

MicroWorld-eScan	Trojan.GenericKD.65780412
FireEye	Trojan.GenericKD.65780412
McAfee	Artemis!3ACE227A334F
Zillya	Downloader.Agent.Win32.505724
Kaspersky	Trojan-Downloader.Win32.Agent.xyands
BitDefender	Trojan.GenericKD.65780412
Avast	Win32:Malware-gen
Tencent	Win32.Trojan-Downloader.Agent.Agow
McAfee-GW-Edition	BehavesLike.Win32.Trojan.wc
Gridinsoft	Trojan.Win32.Downloader.sa
ZoneAlarm	Trojan-Downloader.Win32.Agent.xyands
MAX	malware (ai score=82)
TrendMicro-HouseCall	TROJ_GEN.R002H07BS23
AVG	Win32:Malware-gen

ColorMC.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All