Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	April 7, 2023, 5:54 p.m.	April 7, 2023, 5:59 p.m.

Size	11.5MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`951ac38437711fc0c4fc6268250a823d`
SHA256	`04068045a1e383d70522914bfd3ac40b0203d0cd13687ad217b92eca44450f86`
CRC32	`5B69783D`
ssdeep	`196608:zYPaLXL9HLAlnipb7KX/Hd3e1BB6yLnlPzf+JiT4n3XWKsMvYu8ursYPIkfhptE5:0PaLbxAlniYXPMBRLnlPSF3Vvvf8UsY2`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) PE_Header_Zero - PE File Signature

Impulse.exe "C:\Users\test22\AppData\Local\Temp\Impulse.exe"
1532
- Impulse.exe "C:\Users\test22\AppData\Local\Temp\Impulse.exe"
  2112

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 7, 2023, 5:47 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ April 7, 2023, 5:47 p.m.	stacktrace: 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x7fef7c97ef8 registers.r14: 0 registers.r15: 196970 registers.rcx: 196970 registers.rsi: 1 registers.r10: 196970 registers.rbx: 0 registers.rsp: 2188936 registers.r11: 0 registers.r8: 1 registers.r9: 0 registers.rdx: 28 registers.r12: 0 registers.rbp: 9540256 registers.rdi: 0 registers.rax: 2189040 registers.r13: 28	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

April 7, 2023, 5:47 p.m.

stacktrace:

0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x7fef7c97ef8
registers.r14: 0
registers.r15: 196970
registers.rcx: 196970
registers.rsi: 1
registers.r10: 196970
registers.rbx: 0
registers.rsp: 2188936
registers.r11: 0
registers.r8: 1
registers.r9: 0
registers.rdx: 28
registers.r12: 0
registers.rbp: 9540256
registers.rdi: 0
registers.rax: 2189040
registers.r13: 28

Creates executable files on the filesystem (7 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI15322\libssl-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI15322\libffi-8.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI15322\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI15322\libcrypto-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI15322\python311.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI15322\sqlite3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI15322\pywin32_system32\pywintypes311.dll

File has been identified by 22 AntiVirus engines on VirusTotal as malicious (22 events)

Lionic	Trojan.Win32.Shelm.tseF
Elastic	malicious (high confidence)
Malwarebytes	RiskWare.Obfuscated.Python.Generic
K7AntiVirus	Trojan ( 0059051f1 )
K7GW	Trojan ( 0059051f1 )
CrowdStrike	win/malicious_confidence_100% (D)
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
Alibaba	Trojan:Win32/Almi_Generic.c
Tencent	Win32.Trojan-QQPass.QQRob.Ozfl
F-Secure	Heuristic.HEUR/AGEN.1353340
Jiangmin	Trojan.Generic.horqm
Avira	HEUR/AGEN.1353340
Gridinsoft	Ransom.Win64.Wacatac.sa
ZoneAlarm	HEUR:Trojan-PSW.Python.Agent.gen
Cynet	Malicious (score: 99)
AhnLab-V3	Trojan/Win.Agent.C5406783
DeepInstinct	MALICIOUS
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R002H0AD623
Rising	Spyware.Agent/PYC!1.E350 (CLASSIC)
Fortinet	Python/Agent.GN!tr

Impulse.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All