Summary | ZeroBOX

103.184.128.244_update.7z

Signature tags: KeyLogger, Escalate privileges (rule Escalate_priviledges), AntiDebug, AntiVM
Category: FILE
Machine: s1_win7_x6402
Started: May 9, 2023, 7:15 p.m.
Completed: May 9, 2023, 7:18 p.m.
Size: 7.6MB
Type: 7-zip archive data, version 0.3
MD5: 068a57341223a3d3d024b524cd67df5e
SHA256: f11adbdad7200b90237dd9bbd5dbbf0b5ad30dd5a931fbef22cb0790e1851d82
CRC32: 06FD963A
ssdeep: 196608:oirqQ4BMbKoZrbr7qvEOHR9XTpMGLTT5xpn7bY:rqBGbjHHqvnxZT+QHXpnXY
Yara: None matched

DNS (Name / Response / Post-Analysis Lookup): no hosts contacted; all connections below went to raw IP addresses.
IP Address Status Action
164.124.101.2 Active Moloch
182.252.1.249 Active Moloch
182.252.100.41 Active Moloch
182.252.101.1 Active Moloch
182.252.106.193 Active Moloch
182.252.106.213 Active Moloch
182.252.108.143 Active Moloch
182.252.109.229 Active Moloch
182.252.109.241 Active Moloch
182.252.11.99 Active Moloch
182.252.111.167 Active Moloch
182.252.113.23 Active Moloch
182.252.121.163 Active Moloch
182.252.121.21 Active Moloch
182.252.121.39 Active Moloch
182.252.126.199 Active Moloch
182.252.128.55 Active Moloch
182.252.13.135 Active Moloch
182.252.130.25 Active Moloch
182.252.135.73 Active Moloch
182.252.14.63 Active Moloch
182.252.140.211 Active Moloch
182.252.140.7 Active Moloch
182.252.141.207 Active Moloch
182.252.144.103 Active Moloch
182.252.146.189 Active Moloch
182.252.149.127 Active Moloch
182.252.151.49 Active Moloch
182.252.152.219 Active Moloch
182.252.153.153 Active Moloch
182.252.154.115 Active Moloch
182.252.160.163 Active Moloch
182.252.165.153 Active Moloch
182.252.17.5 Active Moloch
182.252.170.167 Active Moloch
182.252.171.101 Active Moloch
182.252.171.133 Active Moloch
182.252.171.193 Active Moloch
182.252.173.5 Active Moloch
182.252.178.139 Active Moloch
182.252.180.85 Active Moloch
182.252.181.87 Active Moloch
182.252.184.103 Active Moloch
182.252.186.67 Active Moloch
182.252.187.45 Active Moloch
182.252.189.111 Active Moloch
182.252.191.191 Active Moloch
182.252.192.197 Active Moloch
182.252.196.241 Active Moloch
182.252.199.145 Active Moloch
182.252.199.211 Active Moloch
182.252.2.137 Active Moloch
182.252.207.153 Active Moloch
182.252.207.209 Active Moloch
182.252.213.141 Active Moloch
182.252.218.191 Active Moloch
182.252.219.93 Active Moloch
182.252.22.111 Active Moloch
182.252.22.201 Active Moloch
182.252.22.241 Active Moloch
182.252.22.59 Active Moloch
182.252.220.55 Active Moloch
182.252.222.185 Active Moloch
182.252.222.41 Active Moloch
182.252.225.153 Active Moloch
182.252.226.97 Active Moloch
182.252.228.185 Active Moloch
182.252.229.121 Active Moloch
182.252.23.115 Active Moloch
182.252.230.231 Active Moloch
182.252.230.97 Active Moloch
182.252.232.5 Active Moloch
182.252.233.135 Active Moloch
182.252.233.9 Active Moloch
182.252.235.35 Active Moloch
182.252.235.43 Active Moloch
182.252.237.3 Active Moloch
182.252.238.223 Active Moloch
182.252.240.167 Active Moloch
182.252.243.35 Active Moloch
182.252.245.95 Active Moloch
182.252.246.151 Active Moloch
182.252.246.159 Active Moloch
182.252.246.3 Active Moloch
182.252.250.129 Active Moloch
182.252.250.23 Active Moloch
182.252.251.27 Active Moloch
182.252.253.175 Active Moloch
182.252.253.67 Active Moloch
182.252.27.221 Active Moloch
182.252.29.39 Active Moloch
182.252.32.101 Active Moloch
182.252.35.147 Active Moloch
182.252.36.155 Active Moloch
182.252.39.165 Active Moloch
182.252.40.23 Active Moloch
182.252.43.93 Active Moloch
182.252.44.43 Active Moloch
182.252.46.135 Active Moloch
182.252.46.29 Active Moloch
182.252.46.47 Active Moloch
182.252.5.3 Active Moloch
182.252.5.99 Active Moloch
182.252.51.65 Active Moloch
182.252.52.75 Active Moloch
182.252.53.215 Active Moloch
182.252.54.249 Active Moloch
182.252.55.19 Active Moloch
182.252.55.245 Active Moloch
182.252.56.29 Active Moloch
182.252.57.81 Active Moloch
182.252.58.5 Active Moloch
182.252.60.159 Active Moloch
182.252.60.161 Active Moloch
182.252.66.57 Active Moloch
182.252.67.103 Active Moloch
182.252.67.33 Active Moloch
182.252.7.99 Active Moloch
182.252.70.133 Active Moloch
182.252.73.81 Active Moloch
182.252.74.5 Active Moloch
182.252.76.87 Active Moloch
182.252.79.173 Active Moloch
182.252.79.225 Active Moloch
182.252.8.1 Active Moloch
182.252.85.161 Active Moloch
182.252.86.209 Active Moloch
182.252.87.159 Active Moloch
182.252.9.201 Active Moloch
182.252.92.237 Active Moloch
182.252.94.109 Active Moloch
182.252.94.253 Active Moloch
182.252.97.249 Active Moloch
182.252.99.43 Active Moloch

Suricata Alerts

Flow: TCP 192.168.56.102:49520 -> 182.252.222.185:445
SID: 2001569
Signature: ET SCAN Behavioral Unusual Port 445 traffic Potential Scan or Infection
Category: Misc activity

Suricata TLS

No Suricata TLS
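The single Suricata alert fires on one port-445 connection, but the host table above is the stronger signal: well over a hundred distinct addresses, all inside 182.252.0.0/16 and spread across many /24s, which is the shape of a horizontal SMB sweep rather than a C2 list. The script below is an added example (not part of the ZeroBOX report) that parses the report's own "host" lines and Suricata flow text and applies that check; the host excerpt and the flow string are copied from this page, the thresholds and the assumption that the non-alerting connections also target port 445 are the example's own.

```python
"""Spot a horizontal port-445 sweep in a sandbox report's host list.

Added example, not part of the ZeroBOX report. The sample text below is a
hand-copied excerpt of the report's "host" lines and its one Suricata flow;
the full report lists well over a hundred hosts in 182.252.0.0/16.
"""
import ipaddress
from collections import defaultdict

# Constructed: the first twelve "host" lines of the report, verbatim.
SAMPLE_HOST_LIST = """\
host 182.252.1.249
host 182.252.100.41
host 182.252.101.1
host 182.252.106.193
host 182.252.106.213
host 182.252.108.143
host 182.252.109.229
host 182.252.109.241
host 182.252.11.99
host 182.252.111.167
host 182.252.113.23
host 182.252.121.163
"""

# The report's single Suricata alert flow, verbatim.
SAMPLE_FLOW = "TCP 192.168.56.102:49520 -> 182.252.222.185:445"


def parse_host_lines(text):
    """Extract the IPv4 addresses from 'host <ip>' lines; other lines are ignored."""
    hosts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "host":
            hosts.append(ipaddress.ip_address(parts[1]))
    return hosts


def parse_flow(flow):
    """Split 'PROTO src:sport -> dst:dport' into (proto, src, sport, dst, dport)."""
    proto, src, arrow, dst = flow.split()
    if arrow != "->":
        raise ValueError(f"unexpected flow syntax: {flow!r}")
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return (proto.lower(), ipaddress.ip_address(sip), int(sport),
            ipaddress.ip_address(dip), int(dport))


def sweep_profile(hosts, prefix_len=16):
    """Group hosts by enclosing /prefix_len; return {network: (host_count, distinct_/24s)}.

    A sequential or random sweep scatters targets over many /24s of one block;
    a C2 list usually touches a handful of addresses in unrelated networks.
    """
    by_net = defaultdict(set)
    for h in hosts:
        by_net[ipaddress.ip_network(f"{h}/{prefix_len}", strict=False)].add(h)
    return {
        str(net): (len(members),
                   len({ipaddress.ip_network(f"{h}/24", strict=False) for h in members}))
        for net, members in by_net.items()
    }


def horizontal_sweeps(profile, min_hosts=10, min_subnet_ratio=0.5):
    """Networks where many hosts were hit and the hits spread over many /24s."""
    return [net for net, (n, subnets) in profile.items()
            if n >= min_hosts and subnets / n >= min_subnet_ratio]


def classify(host_text, flow_text, min_hosts=10):
    """Tie the alerting flow's destination port to the sweep and return a short verdict."""
    proto, _src, _sport, dst, dport = parse_flow(flow_text)
    sweeps = horizontal_sweeps(sweep_profile(parse_host_lines(host_text)), min_hosts=min_hosts)
    # Assumption: the report names the port only for the alerting flow; the other
    # connections are taken to share it, as the "Unusual Port 445 traffic" alert implies.
    alert_in_sweep = any(dst in ipaddress.ip_network(net) for net in sweeps)
    if sweeps and alert_in_sweep and proto == "tcp" and dport == 445:
        return "smb-sweep:" + ",".join(sweeps)
    return "sweep:" + ",".join(sweeps) if sweeps else "no-sweep"
```

Run against the excerpt, `classify(SAMPLE_HOST_LIST, SAMPLE_FLOW)` returns `smb-sweep:182.252.0.0/16`; the full host table would only raise the counts. Raise `min_hosts` above the number of hosts and the verdict drops to `no-sweep`, which is the knob to tune against benign software that legitimately fans out inside one network.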

API call traces (columns: Time & API / Arguments / Status / Return / Repeated)

IsDebuggerPresent
  (no arguments)
  0 0

GlobalMemoryStatusEx
  (no arguments)
  1 1 0

NtProtectVirtualMemory
  process_identifier: 2208
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x74062000
  process_handle: 0xffffffff
  1 0 0

NtProtectVirtualMemory
  process_identifier: 2208
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x721c3000
  process_handle: 0xffffffff
  1 0 0

Files (extracted from the archive into 7-Zip's temporary directory; note that rdpcIip_new.exe is spelled with a capital I where rdpclip.exe has an l):
file C:\Users\test22\AppData\Local\Temp\7zE0A81B226\install.cmd
file C:\Users\test22\AppData\Local\Temp\7zE0A81B226\rdpcIip_new.exe
file C:\Users\test22\AppData\Local\Temp\7zE0A81B226\sqhost_new.exe

LookupPrivilegeValueW
  system_name: (empty)
  privilege_name: SeRestorePrivilege
  1 1 0

LookupPrivilegeValueW
  system_name: (empty)
  privilege_name: SeSecurityPrivilege
  1 1 0
Matched signature rules (rule: description)
Generic_PWS_Memory_Zero: PWS Memory
Escalate_priviledges: Escalate privileges
DebuggerCheck__GlobalFlags: (no description)
DebuggerCheck__QueryInfo: (no description)
DebuggerHiding__Thread: (no description)
DebuggerHiding__Active: (no description)
ThreadControl__Context: (no description)
SEH__vectored: (no description)
anti_dbg: Checks if being debugged
disable_dep: Bypass DEP
KeyLogger: Run a KeyLogger
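The rule tags above (disable_dep, Escalate_priviledges, anti_dbg) are derived from the API trace: two page-sized NtProtectVirtualMemory calls to PAGE_EXECUTE_READWRITE through the current-process pseudo-handle 0xffffffff, two LookupPrivilegeValueW calls for SeRestorePrivilege and SeSecurityPrivilege, and IsDebuggerPresent / GlobalMemoryStatusEx. The script below is an added example (not part of the ZeroBOX report or its signature set) that reproduces that triage over hand-constructed records of the same calls and spells out the caveats a practitioner wants: a W+X protection change against a remote handle would indicate injection rather than self-patching, and a LookupPrivilegeValue only resolves a name to a LUID, so without a following AdjustTokenPrivileges in the trace the privilege was looked up, not shown to be enabled. The record shape, the privilege watch-list and the API-to-evasion-class mapping are the example's own assumptions.

```python
"""Behavioural triage over a Cuckoo/ZeroBOX-style API trace.

Added example, not part of the ZeroBOX report or of its rule set. The
records below are constructed by hand from the calls the report lists; the
argument labels follow the report, the dict shape is an assumption.
"""

# Constructed from the report's API tables (protection 64 == 0x40).
SAMPLE_CALLS = [
    {"api": "IsDebuggerPresent", "args": {}},
    {"api": "GlobalMemoryStatusEx", "args": {}},
    {"api": "NtProtectVirtualMemory", "args": {
        "process_identifier": 2208, "length": 4096, "protection": 0x40,
        "base_address": 0x74062000, "process_handle": 0xFFFFFFFF}},
    {"api": "NtProtectVirtualMemory", "args": {
        "process_identifier": 2208, "length": 4096, "protection": 0x40,
        "base_address": 0x721C3000, "process_handle": 0xFFFFFFFF}},
    {"api": "LookupPrivilegeValueW", "args": {
        "system_name": "", "privilege_name": "SeRestorePrivilege"}},
    {"api": "LookupPrivilegeValueW", "args": {
        "system_name": "", "privilege_name": "SeSecurityPrivilege"}},
]

# Win32 page protections that are both writable and executable. Only the low
# byte carries the protection; PAGE_GUARD (0x100) and PAGE_NOCACHE (0x200) are
# modifier bits above it and must be masked off before the lookup.
WRITABLE_EXECUTABLE = {0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}

# GetCurrentProcess() pseudo-handle as seen by a 32-bit and a 64-bit process.
CURRENT_PROCESS_HANDLES = {0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF}

# Privileges worth a second look (backup/restore, token and driver abuse).
# Chosen by this example's author, not taken from the report's rule.
SENSITIVE_PRIVILEGES = {
    "SeDebugPrivilege", "SeBackupPrivilege", "SeRestorePrivilege", "SeSecurityPrivilege",
    "SeTakeOwnershipPrivilege", "SeLoadDriverPrivilege", "SeImpersonatePrivilege",
    "SeAssignPrimaryTokenPrivilege", "SeTcbPrivilege",
}

# Heuristic mapping of APIs to the evasion class they usually serve (assumption;
# GlobalMemoryStatusEx is a common low-RAM check for sandbox VMs).
ANTI_ANALYSIS_APIS = {
    "IsDebuggerPresent": "anti-debug",
    "CheckRemoteDebuggerPresent": "anti-debug",
    "GlobalMemoryStatusEx": "anti-vm (physical RAM sizing)",
}


def find_rwx_changes(calls):
    """(base_address, length, protection_name, is_remote) for every change to a W+X page."""
    hits = []
    for call in calls:
        if call["api"] not in ("NtProtectVirtualMemory", "VirtualProtect", "VirtualProtectEx"):
            continue
        args = call["args"]
        name = WRITABLE_EXECUTABLE.get(args["protection"] & 0xFF)
        if name is None:
            continue
        # No process_handle (VirtualProtect) means the caller's own address space.
        handle = args.get("process_handle", 0xFFFFFFFF)
        hits.append((args["base_address"], args["length"], name,
                     handle not in CURRENT_PROCESS_HANDLES))
    return hits


def find_privilege_lookups(calls):
    """Sensitive privilege names passed to LookupPrivilegeValueA/W, in trace order."""
    return [call["args"]["privilege_name"] for call in calls
            if call["api"] in ("LookupPrivilegeValueA", "LookupPrivilegeValueW")
            and call["args"]["privilege_name"] in SENSITIVE_PRIVILEGES]


def find_anti_analysis(calls):
    """Distinct evasion classes observed, sorted for stable output."""
    return sorted({ANTI_ANALYSIS_APIS[c["api"]] for c in calls if c["api"] in ANTI_ANALYSIS_APIS})


def triage(calls):
    """Summarise the trace the way the report's rule tags do, with the caveats made explicit."""
    rwx = find_rwx_changes(calls)
    return {
        "disable_dep": bool(rwx),
        # Every W+X change went through the current-process pseudo-handle:
        # self-patching of mapped code, not injection into another process.
        "self_modifying_only": bool(rwx) and not any(hit[3] for hit in rwx),
        "privilege_lookups": find_privilege_lookups(calls),
        # LookupPrivilegeValue only maps a name to a LUID. Nothing is enabled until
        # AdjustTokenPrivileges is called, so "escalation" stays a lookup until then.
        "privileges_adjusted": any(c["api"] == "AdjustTokenPrivileges" for c in calls),
        "anti_analysis": find_anti_analysis(calls),
    }
```

On the report's calls, `triage(SAMPLE_CALLS)` flags disable_dep with both W+X changes local to PID 2208, lists the two privilege lookups with `privileges_adjusted` False, and reports both anti-debug and anti-vm classes. Masking the protection value with 0xFF is what keeps a PAGE_GUARD|PAGE_EXECUTE_READWRITE (0x140) change from slipping past the check.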
host 182.252.1.249
host 182.252.100.41
host 182.252.101.1
host 182.252.106.193
host 182.252.106.213
host 182.252.108.143
host 182.252.109.229
host 182.252.109.241
host 182.252.11.99
host 182.252.111.167
host 182.252.113.23
host 182.252.121.163
host 182.252.121.21
host 182.252.121.39
host 182.252.126.199
host 182.252.128.55
host 182.252.13.135
host 182.252.130.25
host 182.252.135.73
host 182.252.14.63
host 182.252.140.211
host 182.252.140.7
host 182.252.141.207
host 182.252.144.103
host 182.252.146.189
host 182.252.149.127
host 182.252.151.49
host 182.252.152.219
host 182.252.153.153
host 182.252.154.115
host 182.252.160.163
host 182.252.165.153
host 182.252.17.5
host 182.252.170.167
host 182.252.171.101
host 182.252.171.133
host 182.252.171.193
host 182.252.173.5
host 182.252.178.139
host 182.252.180.85
host 182.252.181.87
host 182.252.184.103
host 182.252.186.67
host 182.252.187.45
host 182.252.189.111
host 182.252.191.191
host 182.252.192.197
host 182.252.196.241
host 182.252.199.145
host 182.252.199.211