Summary | ZeroBOX

ss41.exe

Gen1 Generic Malware UPX Malicious Packer PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6401 June 20, 2023, 6:18 p.m. June 20, 2023, 6:21 p.m.
Size 592.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 ab792c894fcf607dee3a7ffc68d3b181
SHA256 21c639e8a7b0bb793fe1770865c5f5aab4fbc1d9328749062bdb80528a545ebd
CRC32 75720FFD
ssdeep 12288:G72i43pjvLx8Xr3lRkRc4YFwjsWOfRg6gtPbcTTn7qxerx7:q83pr9Wr3/kRc4l6g6gtPbcHn7q
PDB Path dfrgui.pdb
Yara
  • UPX_Zero - UPX packed file
  • Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • IsPE64 - (no description)
  • Malicious_Packer_Zero - Malicious Packer
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware

IP Address Status Action
154.221.19.146 Active Moloch
164.124.101.2 Active Moloch
39.109.117.57 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49165 -> 39.109.117.57:80 2045057 ET MALWARE Win32/Fabookie.ek CnC Request M4 (GET) A Network Trojan was detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: ERROR: The process "chrome.exe" not found.
console_handle: 0x000000000000000b
1 1 0

WriteConsoleW

buffer: ERROR: The process "msedge.exe" not found.
console_handle: 0x000000000000000b
1 1 0
pdb_path dfrgui.pdb
resource name MUI
resource name PNG
suspicious_features POST method with no referer header suspicious_request POST http://as.imgjeoigaa.com/check/?sid=842934&key=941465ecfb3fb7d6fe5d647e70e67cf6
request GET http://us.imgjeoigaa.com/sts/imagc.jpg
request GET http://as.imgjeoigaa.com/check/safe
request POST http://as.imgjeoigaa.com/check/?sid=842934&key=941465ecfb3fb7d6fe5d647e70e67cf6
request POST http://as.imgjeoigaa.com/check/?sid=842934&key=941465ecfb3fb7d6fe5d647e70e67cf6
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2564
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000ff217000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2564
region_size: 1507328
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000028a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2564
region_size: 1249280
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002b90000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 58\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 38\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 72\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 81\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 47\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 41\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 56\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 32\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 19\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 30\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 22\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 95\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 70\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 28\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 94\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 68\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 90\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 29\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 91\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 10\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 96\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 46\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 89\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 100\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 66\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 98\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 75\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 86\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 87\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 14\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 82\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 43\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 77\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 61\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 2\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 104\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 67\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 7\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 53\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 33\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 102\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 34\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 99\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 16\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 71\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 42\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 54\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 60\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 24\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 48\Network\Cookies
wmi SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
wmi SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

flags: 15
family: 0
111 0
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
cmdline taskkill /IM chrome.exe /F
cmdline taskkill /IM msedge.exe /F
McAfee Artemis!AB792C894FCF
Sangfor Trojan.Win32.Agent.V6bh
Elastic malicious (high confidence)
APEX Malicious
Kaspersky UDS:DangerousObject.Multi.Generic
Avast Win64:Trojan-gen
McAfee-GW-Edition BehavesLike.Win64.BadFile.hh
Gridinsoft Ransom.Win64.Wacatac.oa!s1
ZoneAlarm UDS:DangerousObject.Multi.Generic
Cylance unsafe
Rising Trojan.Fabookie!8.11C3D (CLOUD)
AVG Win64:Trojan-gen