Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 7, 2023, 5:24 p.m.	June 7, 2023, 5:32 p.m.

Size	8.0MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`af1a989a2a9bd61b087cace076971f6a`
SHA256	`0def45e69bd0b77b0448d57bbf6213b66a90b0b8855378271b5111d5cbdf16ee`
CRC32	`B003F99F`
ssdeep	`196608:HVkn9JCZxrIYF4hSeOMYjeYMeJyKpJoiSsD4RFsV4:ynOsYFs4MMbJVVSV`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature IsPE32 - (no description)

2d7f71dfd2399ffc78575f12b3d751fae218432618e41204ce0e9b850e25e9ac.exe "C:\Users\test22\AppData\Local\Temp\2d7f71dfd2399ffc78575f12b3d751fae218432618e41204ce0e9b850e25e9ac.exe"
2080
explorer.exe C:\Windows\Explorer.EXE
1236

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 7, 2023, 5:24 p.m.			0	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 7, 2023, 5:24 p.m.		1	1	0

section

.code

packer

PureBasic 4.x -> Neil Hodgson

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory June 7, 2023, 5:17 p.m.	process_identifier: 1236 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000006bd0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW June 7, 2023, 5:25 p.m.	total_number_of_free_bytes: 9926983680 free_bytes_available: 0 root_path: C:\ total_number_of_bytes: 0	1	1	0

section

{u'size_of_data': u'0x0000c000', u'virtual_address': u'0x000c7000', u'entropy': 7.965566436824574, u'name': u'.rsrc', u'virtual_size': u'0x0000befc'}

entropy

7.96556643682

description

A section with a high entropy has been found

Bkav	W32.AIDetectMalware
MicroWorld-eScan	Gen:Heur.Ransom.HiddenTears.1
FireEye	Gen:Heur.Ransom.HiddenTears.1
Cybereason	malicious.a2a9bd
Arcabit	Trojan.Ransom.HiddenTears.1
BitDefenderTheta	Gen:NN.ZexaF.36250.@x3@aGBovDii
Cynet	Malicious (score: 100)
APEX	Malicious
BitDefender	Gen:Heur.Ransom.HiddenTears.1
VIPRE	Gen:Heur.Ransom.HiddenTears.1
McAfee-GW-Edition	BehavesLike.Win32.Dropper.wc
Emsisoft	Gen:Heur.Ransom.HiddenTears.1 (B)
GData	Gen:Heur.Ransom.HiddenTears.1
McAfee	Artemis!AF1A989A2A9B
MAX	malware (ai score=85)
VBA32	Downloader.MSIL.gen.rexp
TrendMicro-HouseCall	TROJ_GEN.R002H09F223
Fortinet	W32/PossibleThreat
DeepInstinct	MALICIOUS

2d7f71dfd2399ffc78575f12b3d751fae218432618e41204ce0e9b850e25e9ac