Summary | ZeroBOX

hkcmd.exe

Tags: UPX, Malicious Library, PNG Format, PE File, DLL, PE32

Category: FILE
Machine: s1_win7_x6403_us
Started: June 8, 2023, 7:24 p.m.
Completed: June 8, 2023, 7:28 p.m.
Size 394.3KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 d2a06a7386680bc248d79c2974f9b0cf
SHA256 05c6b84c8c5301bd86d58f8036a46353aa4e8d26003c64363b91451d909b4b4c
CRC32 26C9105A
ssdeep 6144:26dANzV+OT7cG6I3iLV6COt4gVVvrCbZwRyxiin5YSU9snMl2ZLQ1o:EP+OTQ7I3iLwJVVrCbb75lMOLz
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API call: GlobalMemoryStatusEx
Status: 1, Return: 1, Repeated: 0

Section: .ndata
API call: NtProtectVirtualMemory
process_identifier: 508
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x741c4000
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0

API call: NtAllocateVirtualMemory
process_identifier: 508
region_size: 94044160
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03260000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
Status: 1, Return: 0, Repeated: 0
File: C:\Users\test22\AppData\Local\Temp\nscC03F.tmp\System.dll
Antivirus detections (vendor, verdict)

Bkav W32.AIDetectMalware
McAfee Artemis!D2A06A738668
Malwarebytes Trojan.GuLoader
Sangfor Trojan.Win32.Agent.Vkkh
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 NSIS/Injector.ASH
APEX Malicious
Kaspersky HEUR:Trojan-Downloader.Win32.Minix.gen
Avast NSIS:DropperX-gen [Drp]
TrendMicro Trojan.Win32.GULOADER.YXDFFZ
McAfee-GW-Edition Artemis!Trojan
Sophos Mal/Generic-S
Webroot W32.Malware.Gen
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm HEUR:Trojan-Downloader.Win32.Minix.gen
Google Detected
TrendMicro-HouseCall Trojan.Win32.GULOADER.YXDFFZ
Ikarus Trojan.NSIS.Agent
AVG NSIS:DropperX-gen [Drp]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_70% (W)