Summary | ZeroBOX

Brav.exe

Malicious Library, UPX, OS Processor Check, PE32, PE File
Category FILE
Machine s1_win7_x6401
Started March 9, 2023, 5:31 p.m.
Completed March 9, 2023, 5:46 p.m.
Size 179.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5a26b0142d5f9a8da8dae6c0fb70ad78
SHA256 f1ba1ca31663ce270a4f69787e02781ec1380dbcc1c70b49c3b52861050af6d7
CRC32 2FA99B7B
ssdeep 3072:bwevYpKTDMDU+fuuE46lC4PQyfHU6Ig4cjnjFRpbll/XbqefxlS3ETgmBN8vqI5L:sevY8mBu3wB4HzlrzPOefxoEBK7
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent 0 0
IsDebuggerPresent 0 0
IsDebuggerPresent 0 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x4b8645
0x4b73fd
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc000008e (STATUS_FLOAT_DIVIDE_BY_ZERO; raised explicitly through RaiseException, per exception.symbol)
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 42466860
registers.edi: 11432473
registers.eax: 42466860
registers.ebp: 42466940
registers.edx: 2130553844
registers.ebx: 10914176
registers.esi: 1968998345
registers.ecx: 2051670016
1 0 0

__exception__

stacktrace:
0x4b73fd
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 51 ff 15 3c 13 4c 00 a1 94 30 4c 00 c3 8b 44 24
exception.instruction: push ecx
exception.exception_code: 0x80000003 (STATUS_BREAKPOINT)
exception.symbol:
exception.address: 0x4b7e00
registers.esp: 42466972
registers.edi: 42467032
registers.eax: 0
registers.ebp: 42467088
registers.edx: 2130553844
registers.ebx: 10914176
registers.esi: 4947423
registers.ecx: 8172920
1 0 0

__exception__

stacktrace:
0x4b73fd
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: cc 50 ff 15 3c 13 4c 00 a1 94 30 4c 00 c3 8b 44
exception.instruction: int3
exception.exception_code: 0x80000003 (STATUS_BREAKPOINT, from the int3 at exception.address)
exception.symbol:
exception.address: 0x4b7e42
registers.esp: 42466972
registers.edi: 42467036
registers.eax: 8172920
registers.ebp: 42467088
registers.edx: 2130553844
registers.ebx: 10914176
registers.esi: 4947499
registers.ecx: 2051670016
1 0 0

__exception__

stacktrace:
0x4b7500
0x4b73fd
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: ff 15 3c 13 4c 00 a1 94 30 4c 00 c9 c3 8b 44 24
exception.instruction: call dword ptr [0x4c133c]
exception.exception_code: 0x80000004 (STATUS_SINGLE_STEP)
exception.symbol:
exception.address: 0x4b8689
registers.esp: 42466960
registers.edi: 42467040
registers.eax: 770
registers.ebp: 42466968
registers.edx: 2130553844
registers.ebx: 10914176
registers.esi: 4949597
registers.ecx: 8172920
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 102400
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007b2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2544
region_size: 114688
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004b0000 (with region_size 114688 the region spans 0x004b0000-0x004cc000; the unsymbolised exception addresses 0x4b7e00, 0x4b7e42 and 0x4b8689 and the stack frames 0x4b73fd, 0x4b7500 and 0x4b8645 listed above all fall inside it)
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2544
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76f56000 (ntdll+0x46000, taking the ntdll base 0x76f10000 implied by the frame ntdll+0x39ed2 @ 0x76f49ed2 above: one page of ntdll.dll made writable and executable)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2544
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00510000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2544
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00530000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2544
region_size: 16777216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02880000
allocation_type: 2109440 (MEM_COMMIT|MEM_RESERVE|MEM_WRITE_WATCH)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

LdrGetDllHandle

module_name: snxhk.dll (Avast hook library; looking it up is a known check for the presence of Avast)
module_address: 0x00000000
stack_pivoted: 0
3221225781 (0xc0000135, STATUS_DLL_NOT_FOUND: the library is not loaded) 0

LdrGetDllHandle

module_name: snxhk.dll (Avast hook library; same check repeated)
module_address: 0x00000000
stack_pivoted: 0
3221225781 (0xc0000135, STATUS_DLL_NOT_FOUND) 0
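The behaviour records above can be triaged mechanically. The following Python script is an added example, not part of the ZeroBOX report or of the sample: it parses a constructed excerpt of the records (copied into the REPORT string in the report's own layout, with each stack trace flattened onto its "stacktrace:" line), lists every region made PAGE_EXECUTE_READWRITE, checks whether the exception addresses fall inside one of those regions, decodes the raw NTSTATUS values, and reports the offset of an RWX protection change from a resolved module base. The NTSTATUS table and the rule that a frame such as ntdll+0x39ed2 @ 0x76f49ed2 implies an ntdll base of 0x76f10000 are the script's own assumptions, not data the report states.

```python
import re
from dataclasses import dataclass

PAGE_EXECUTE_READWRITE = 0x40
NTSTATUS = {  # codes this script knows; anything else is reported as unknown
    0xC000008E: "STATUS_FLOAT_DIVIDE_BY_ZERO",
    0x80000003: "STATUS_BREAKPOINT",
    0x80000004: "STATUS_SINGLE_STEP",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
}
# Constructed input: records copied from the report above in its own layout (API name,
# "key: value" lines, optional bare Status/Return/Repeated row); stack traces flattened.
REPORT = """
NtAllocateVirtualMemory
region_size: 114688
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004b0000
NtProtectVirtualMemory
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x76f56000
__exception__
exception.exception_code: 0xc000008e
exception.address: 0x7597b727
__exception__
stacktrace: 0x4b73fd RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
exception.exception_code: 0x80000003
exception.address: 0x4b7e42
LdrGetDllHandle
module_name: snxhk.dll
3221225781 0
"""

@dataclass(frozen=True)
class Region:
    base: int
    size: int
    api: str
    def contains(self, addr):
        return self.base <= addr < self.base + self.size

def to_int(value):
    return int(value.split()[0], 0)  # '64 (PAGE_EXECUTE_READWRITE)' -> 64, '0x004b0000' -> 0x4b0000

def parse_records(text):
    """One dict per record; a record starts with its API name (or __exception__)."""
    records, cur = [], None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        tokens = line.split()
        if all(t.isdigit() for t in tokens):    # Status/Return/Repeated row
            cur["result"] = [int(t) for t in tokens]
        elif ":" in line:                       # argument line
            key, _, value = line.partition(":")
            cur[key.strip()] = value.strip()
        else:                                   # API name opens a new record
            cur = {"api": line}
            records.append(cur)
    return records

def rwx_regions(records):
    return [Region(to_int(r["base_address"]),
                   to_int(r.get("region_size") or r.get("length")), r["api"])
            for r in records
            if r["api"] in ("NtAllocateVirtualMemory", "NtProtectVirtualMemory")
            and to_int(r["protection"]) == PAGE_EXECUTE_READWRITE]

FRAME_RE = re.compile(r"(\w+)\+0x([0-9a-f]+) @ 0x([0-9a-f]+)")
def module_bases(records):
    """Base = absolute - offset for resolved frames like 'ntdll+0x39ed2 @ 0x76f49ed2' (our inference)."""
    bases = {}
    for r in records:
        for mod, off, addr in FRAME_RE.findall(r.get("stacktrace", "")):
            bases[mod] = int(addr, 16) - int(off, 16)
    return bases

def decode_status(code):
    return NTSTATUS.get(code, "unknown (0x%08x)" % code)

def triage(text):
    """Where did RWX memory appear, did faults land in it, and what do the codes mean?"""
    records = parse_records(text)
    regions, bases = rwx_regions(records), module_bases(records)
    out = {"rwx_regions": regions, "exceptions": [], "lookups": [], "module_patches": []}
    for r in records:
        if r["api"] == "__exception__":
            addr, code = to_int(r["exception.address"]), to_int(r["exception.exception_code"])
            out["exceptions"].append((addr, decode_status(code), [g for g in regions if g.contains(addr)]))
        elif r["api"] == "LdrGetDllHandle" and "result" in r:
            out["lookups"].append((r["module_name"], decode_status(r["result"][0])))
    # An RWX change above a resolved module base is reported with its offset; the report gives
    # no module sizes, so this is a lead to confirm against the module list, not proof of a patch.
    for g in regions:
        below = [(b, m) for m, b in bases.items() if b <= g.base]
        if below:
            b, m = max(below)
            out["module_patches"].append((g, m, g.base - b))
    return out
```

Run over the excerpt, triage() reports the 0x004b0000 allocation as the region containing the int3 fault at 0x4b7e42, the RaiseException fault at 0x7597b727 as lying outside any RWX region, the snxhk.dll lookup as STATUS_DLL_NOT_FOUND, and the 4096-byte RWX change at 0x76f56000 as ntdll+0x46000.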

Antivirus

Bkav W32.MushrwuNocC.Trojan
DrWeb Trojan.DownLoader45.41138
MicroWorld-eScan Gen:Variant.Zusy.448594
FireEye Generic.mg.5a26b0142d5f9a8d
ALYac Gen:Variant.Zusy.448594
Cylance unsafe
Zillya Trojan.Strab.Win32.879
CrowdStrike win/malicious_confidence_70% (W)
K7GW Trojan ( 0059f0951 )
K7AntiVirus Trojan ( 0059f0951 )
BitDefenderTheta Gen:NN.ZexaF.36308.lqW@a4tcFNk
VirIT Trojan.Win32.Genus.NYZ
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Win32/Agent.AFES
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky HEUR:Trojan.Win32.Strab.gen
BitDefender Gen:Variant.Zusy.448594
NANO-Antivirus Trojan.Win32.Dwn.juuhsf
Avast Win32:TrojanX-gen [Trj]
Tencent Malware.Win32.Gencirc.10bddcf2
TACHYON Trojan/W32.Strab.183808.C
Emsisoft Gen:Variant.Zusy.448594 (B)
VIPRE Gen:Variant.Zusy.448594
McAfee-GW-Edition BehavesLike.Win32.Generic.ch
Trapmine malicious.high.ml.score
Sophos Generic ML PUA (PUA)
Ikarus Trojan.Win32.Agent
Jiangmin Trojan.Strab.boc
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Trojan:Win32/Rhadamanthys.A!MTB
Gridinsoft Ransom.Win32.Sabsik.oa!s1
Arcabit Trojan.Zusy.D6D852
GData Gen:Variant.Zusy.448594
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5378330
MAX malware (ai score=80)
VBA32 Trojan.Khalesi
Rising Stealer.Convagent!8.1326D (TFE:5:7fuwJMoABtV)
Fortinet W32/Agent.AFCZ!tr
AVG Win32:TrojanX-gen [Trj]