Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 10, 2023, 8:08 a.m.	July 10, 2023, 8:11 a.m.

Size	7.5MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`d61c17656e28348150c5d17dcc0106cd`
SHA256	`369fce162239045403c87f8c83445d9d300fe2d8656899cb079ce4acca77a99a`
CRC32	`821F3915`
ssdeep	`196608:leY3avuuDfyGR21X5Sp6GemDMPwuW23vYPGshGRx:MY3aJDfDspfaMP5z`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature

echo-D3FG-2.DE.exe "C:\Users\test22\AppData\Local\Temp\echo-D3FG-2.DE.exe"
2552
- echo-D3FG-2.DE.exe "C:\Users\test22\AppData\Local\Temp\echo-D3FG-2.DE.exe"
  2684

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 10, 2023, 8:08 a.m.		1	1	0

section

_RDATA

file	C:\Users\test22\AppData\Local\Temp\_MEI25522\python311.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25522\libcrypto-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25522\libffi-8.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25522\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25522\libssl-1_1.dll

Lionic	Trojan.Win32.Shelm.tso7
MicroWorld-eScan	Trojan.GenericKD.67377904
FireEye	Generic.mg.d61c17656e283481
ALYac	Trojan.GenericKD.67377904
Malwarebytes	Spyware.PasswordStealer.Python
VIPRE	Trojan.GenericKD.67377904
Sangfor	Spyware.Win32.Agent.Vpn5
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	TrojanSpy:Win32/Stealer.a31809b5
K7GW	Riskware ( 0040eff71 )
CrowdStrike	win/malicious_confidence_60% (W)
Arcabit	Trojan.Generic.D4041AF0
Cyren	W64/ABRisk.JEEJ-8733
Symantec	Trojan.Gen.MBT
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	Trojan-Spy.Win32.Stealer.dxwk
BitDefender	Trojan.GenericKD.67377904
Avast	FileRepMalware [Misc]
Sophos	Mal/Generic-S
F-Secure	Trojan.TR/Spy.Stealer.tfchy
McAfee-GW-Edition	BehavesLike.Win64.TrojanCoinMiner.wc
Emsisoft	Trojan.GenericKD.67377904 (B)
Avira	TR/Spy.Stealer.tfchy
MAX	malware (ai score=87)
Microsoft	Program:Win32/Wacapew.C!ml
ZoneAlarm	Trojan-Spy.Win32.Stealer.dxwk
GData	Win32.Trojan-Downloader.Generic.RSB3QB
Google	Detected
McAfee	Artemis!D61C17656E28
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H09F323
MaxSecure	Trojan.Malware.209430322.susgen
Fortinet	W32/PossibleThreat
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS

echo-D3FG-2.DE.exe