Summary | ZeroBOX

Thallium.exe

PhysicalDrive Malicious Packer PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started April 27, 2023, 4:41 p.m.
Completed April 27, 2023, 4:45 p.m.
Size 58.0KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 8edbcdafc2b2752bb2391b62e9093218
SHA256 3fdd327bf4c63a7b2a531571e5cb2aedf4bb57345fff941ed167181ec6de0365
CRC32 C471DA11
ssdeep 384:xtNmj7gve8AWE0prvzaRsayXJ+Gij0ubE1HO0x+bIyBlkNUclTJxqh+sKlO1Nf:xtNmfl8AWE0Lh0bICl8lTJDO
Yara
  • PhysicalDrive_20181001 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
198.50.231.138 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x7561cf5c
SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x7564f73c
SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x7564fa18
MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x7564fb1f
New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x742f77b7
MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x7564fd15
MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x7564fd57
thallium+0x29c9 @ 0x4029c9
thallium+0x13e2 @ 0x4013e2
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x74173f46
registers.esp: 2685276
registers.edi: 0
registers.eax: 1947680582
registers.ebp: 2685316
registers.edx: 0
registers.ebx: 0
registers.esi: 1947680582
registers.ecx: 8785256
1 0 0

__exception__

stacktrace:
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x7561cf5c
SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x7564f73c
SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x7564fa18
MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x7564fb1f
New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x742f77b7
MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x7564fd15
MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x7564fd57
thallium+0x29c9 @ 0x4029c9
thallium+0x13e2 @ 0x4013e2
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x74173f46
registers.esp: 2685276
registers.edi: 0
registers.eax: 1947680582
registers.ebp: 2685316
registers.edx: 0
registers.ebx: 0
registers.esi: 1947680582
registers.ecx: 8785256
1 0 0

__exception__

stacktrace:
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8
GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa
GetCursor+0x2ff DrawStateW-0x265 user32+0x3f9df @ 0x7561f9df
GetCursor+0xa4 DrawStateW-0x4c0 user32+0x3f784 @ 0x7561f784
GetCursor+0x1a9 DrawStateW-0x3bb user32+0x3f889 @ 0x7561f889
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x755f965e
SetKeyboardState+0xbbd CliImmSetHotKey-0x12c9e user32+0x4206f @ 0x7562206f
DialogBoxIndirectParamAorW+0xf7 SetDlgItemTextW-0x55 user32+0x3cf4b @ 0x7561cf4b
SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x7564f73c
SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x7564fa18
MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x7564fb1f
New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x742f77b7
MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x7564fd15
MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x7564fd57
thallium+0x2a0a @ 0x402a0a
thallium+0x13e2 @ 0x4013e2
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x74173f46
registers.esp: 2684576
registers.edi: 0
registers.eax: 1947680582
registers.ebp: 2684616
registers.edx: 0
registers.ebx: 0
registers.esi: 1947680582
registers.ecx: 8785256
1 0 0

__exception__

stacktrace:
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x755f77c4
DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x755f788a
DialogBoxIndirectParamW+0x20a DialogBoxIndirectParamAorW-0x57 user32+0x3cdfd @ 0x7561cdfd
DialogBoxIndirectParamAorW+0x108 SetDlgItemTextW-0x44 user32+0x3cf5c @ 0x7561cf5c
SoftModalMessageBox+0x757 MessageBoxTimeoutW-0x391 user32+0x6f73c @ 0x7564f73c
SoftModalMessageBox+0xa33 MessageBoxTimeoutW-0xb5 user32+0x6fa18 @ 0x7564fa18
MessageBoxTimeoutW+0x52 MessageBoxTimeoutA-0x9 user32+0x6fb1f @ 0x7564fb1f
New_user32_MessageBoxTimeoutW@24+0x137 New_user32_RegisterHotKey@16-0x80 @ 0x742f77b7
MessageBoxExW+0x1b MessageBoxA-0x9 user32+0x6fd15 @ 0x7564fd15
MessageBoxW+0x18 SetSysColors-0x9 user32+0x6fd57 @ 0x7564fd57
thallium+0x2a0a @ 0x402a0a
thallium+0x13e2 @ 0x4013e2
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x74173f46
registers.esp: 2685368
registers.edi: 0
registers.eax: 1947680582
registers.ebp: 2685408
registers.edx: 0
registers.ebx: 0
registers.esi: 1947680582
registers.ecx: 8785256
1 0 0

Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1508
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x74101000
process_handle: 0xffffffff
1 0 0

host 198.50.231.138

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.DiskWriter.4!c
MicroWorld-eScan Gen:Variant.Fragtor.108925
FireEye Gen:Variant.Fragtor.108925
ALYac Gen:Variant.Fragtor.108925
Cylance unsafe
VIPRE Gen:Variant.Fragtor.108925
Sangfor Trojan.Win32.Killmbr.V6by
K7AntiVirus Trojan ( 0058d18f1 )
Alibaba Trojan:Win32/DiskWriter.6298e095
K7GW Trojan ( 0058d18f1 )
CrowdStrike win/malicious_confidence_100% (W)
BitDefenderTheta AI:Packer.A0CC9A1F1F
Cyren W32/ABRisk.CJHS-1769
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/KillMBR.NGI
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky HEUR:Trojan.Win32.DiskWriter.gen
BitDefender Gen:Variant.Fragtor.108925
Avast MBR:Abobus-A [Rtk]
Tencent Win32.Trojan.Diskwriter.Sgil
Emsisoft Gen:Variant.Fragtor.108925 (B)
F-Secure Heuristic.HEUR/AGEN.1340550
Zillya Trojan.KillMBR.Win32.802
TrendMicro TROJ_GEN.R002C0PDH23
McAfee-GW-Edition RDN/Generic.grp
Sophos Mal/Generic-S
Ikarus Trojan.Win32.KillMBR
Avira HEUR/AGEN.1340550
Antiy-AVL Trojan/Win32.KillMBR
Microsoft Trojan:Win32/Killmbr!mclg
Gridinsoft Trojan.Win32.Wacatac.dd!n
Xcitium Malware@#2eqgf4e35nimo
Arcabit Trojan.Fragtor.D1A97D
ViRobot Trojan.Win32.Z.Killmbr.59392
ZoneAlarm HEUR:Trojan.Win32.DiskWriter.gen
GData Gen:Variant.Fragtor.108925
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5327026
McAfee RDN/Generic.grp
MAX malware (ai score=83)
Malwarebytes Malware.AI.4019183661
Panda Trj/GdSda.A
TrendMicro-HouseCall TROJ_GEN.R002C0PDH23
Rising Trojan.KillMBR!8.F58 (CLOUD)
Yandex Trojan.DiskWriter!Er8bCOSztGc
MaxSecure Trojan.Malware.73716977.susgen
Fortinet W32/KillMBR.NGI!tr