Summary | ZeroBOX

sc64.dll

SystemBC Antivirus Malicious Packer PE64 PE File DLL
Category FILE
Machine s1_win7_x6401
Started May 3, 2023, 9:22 a.m.
Completed May 3, 2023, 9:41 a.m.
Size 17.0KB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 4c09e8e3a1d837f125ea9f9c0c2c5380
SHA256 44d91bcc9c29ea92d933095d707a0040e39b08d1c52099014d58eceecbbe3ace
CRC32 7C765A4E
ssdeep 384:bHqHNJzn0I71uAstwLW8X4ne7OH0yJLhv812MG6CQ:bHrv5fdv8kc
Yara
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Antivirus - Contains references to security software
  • SystemBC_IN - SystemBC

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
104.21.96.152 Active Moloch
65.21.119.52 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2700
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0
host 104.21.96.152
host 65.21.119.52
Lionic Trojan.Win32.Sybici.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Lazy.85967
FireEye Generic.mg.4c09e8e3a1d837f1
CAT-QuickHeal Trojan.SystemBC.S27791300
ALYac Gen:Variant.Lazy.85967
Cylance unsafe
Zillya Trojan.Coroxy.Win64.13
Sangfor Backdoor.Win32.Coroxy.Vrv6
CrowdStrike win/malicious_confidence_100% (W)
Alibaba Trojan:Win32/SystemBC.da117b51
K7GW Trojan ( 0056e4c51 )
K7AntiVirus Trojan ( 0056e4c51 )
Arcabit Trojan.Lazy.D14FCF
Cyren W64/ABRisk.FKYM-8768
ESET-NOD32 a variant of Win64/Coroxy.A
Cynet Malicious (score: 100)
APEX Malicious
Paloalto generic.ml
Kaspersky Trojan-Proxy.Win32.Sybici.va
BitDefender Gen:Variant.Lazy.85967
Avast Win64:BackdoorX-gen [Trj]
Tencent Win32.Trojan-Proxy.Sybici.Ymhl
Sophos Troj/Coroxy-A
F-Secure Heuristic.HEUR/AGEN.1302393
DrWeb BackDoor.Coroxy.1
VIPRE Gen:Variant.Lazy.85967
TrendMicro Backdoor.Win64.COROXY.SMTH
McAfee-GW-Edition RDN/Generic BackDoor
Emsisoft Gen:Variant.Lazy.85967 (B)
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1302393
MAX malware (ai score=80)
Antiy-AVL Trojan/Win64.Coroxy
Gridinsoft Trojan.Win64.Gen.cl
Microsoft Trojan:Win32/SystemBC.SA
ViRobot Trojan.Win.Z.Coroxy.17408.A
ZoneAlarm Trojan-Proxy.Win32.Sybici.va
GData Gen:Variant.Lazy.85967
Google Detected
AhnLab-V3 Trojan/Win.Generic.C4452892
McAfee Artemis!4C09E8E3A1D8
Malwarebytes Malware.AI.3928362742
Panda Trj/CI.A
Rising Backdoor.Coroxy!8.12282 (TFE:2:Tk58K9rsafI)
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.205382659.susgen
Fortinet W64/Coroxy.A!tr
AVG Win64:BackdoorX-gen [Trj]
DeepInstinct MALICIOUS