Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 11, 2023, 9:59 a.m.	July 11, 2023, 10:01 a.m.

Size	8.2MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`163d4e2d75f8ce6c838bab888bf9629c`
SHA256	`b1ef1654839b73f03b73c4ef4e20ce4ecdef2236ec6e1ca36881438bc1758dcd`
CRC32	`8B75EE82`
ssdeep	`196608:0ZzXM8K/p32xbAQveItwq+ZkiKDItdc7x0vjPYxXLJ:aML/oxvxaq+ZkFwux0je`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature

Lst.exe "C:\Users\test22\AppData\Local\Temp\Lst.exe"
2064
- Lst.exe "C:\Users\test22\AppData\Local\Temp\Lst.exe"
  2228

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 11, 2023, 9:52 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ July 11, 2023, 9:52 a.m.	stacktrace: 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x7fef7c97ef8 registers.r14: 0 registers.r15: 196974 registers.rcx: 196974 registers.rsi: 1 registers.r10: 196974 registers.rbx: 0 registers.rsp: 2255048 registers.r11: 0 registers.r8: 1 registers.r9: 0 registers.rdx: 28 registers.r12: 0 registers.rbp: 9016624 registers.rdi: 0 registers.rax: 2255152 registers.r13: 28	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

July 11, 2023, 9:52 a.m.

stacktrace:

0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x7fef7c97ef8
registers.r14: 0
registers.r15: 196974
registers.rcx: 196974
registers.rsi: 1
registers.r10: 196974
registers.rbx: 0
registers.rsp: 2255048
registers.r11: 0
registers.r8: 1
registers.r9: 0
registers.rdx: 28
registers.r12: 0
registers.rbp: 9016624
registers.rdi: 0
registers.rax: 2255152
registers.r13: 28

Creates executable files on the filesystem (8 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI20642\libffi-7.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20642\python310.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20642\libcrypto-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20642\libssl-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20642\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20642\sqlite3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20642\_pytransform.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20642\pywin32_system32\pywintypes310.dll

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x0000f600', u'virtual_address': u'0x00052000', u'entropy': 7.5555924277072215, u'name': u'.rsrc', u'virtual_size': u'0x0000f49c'}

entropy

7.55559242771

description

A section with a high entropy has been found

File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)

Lionic	Trojan.Win32.Shelm.tseF
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.Generic.33518316
FireEye	Generic.mg.163d4e2d75f8ce6c
ALYac	Trojan.Spy.Stealer
Malwarebytes	Generic.Malware.Agent.DDS
VIPRE	Trojan.Generic.33518316
K7AntiVirus	Trojan ( 005a59621 )
K7GW	Trojan ( 005a59621 )
Arcabit	Trojan.Generic.D1FF72EC
Cyren	W64/ABRisk.BMEX-7019
Symantec	Trojan Horse
ESET-NOD32	a variant of Generik.HPZZJVQ
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.Agent.xavobu
BitDefender	Trojan.Generic.33518316
NANO-Antivirus	Trojan.Win64.Generic.jvyunp
Avast	FileRepMalware [Misc]
Emsisoft	Trojan.Generic.33518316 (B)
F-Secure	Trojan.TR/Agent.ajqbp
TrendMicro	Trojan.Win32.FRS.VSNW18D23
McAfee-GW-Edition	BehavesLike.Win64.Generic.rc
Sophos	Mal/Generic-S
Webroot	W32.Trojan.Gen
Avira	TR/Agent.ajqbp
MAX	malware (ai score=89)
Gridinsoft	Ransom.Win64.Gen.sa
Microsoft	Trojan:Win64/InfoStealer!MSR
ViRobot	Trojan.Win.S.Agent.8601691
ZoneAlarm	Trojan.Win32.Agent.xavobu
GData	Trojan.Generic.33518316
Google	Detected
AhnLab-V3	Trojan/Win.Wacatac.C5418017
McAfee	Artemis!163D4E2D75F8
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Trojan.Win32.FRS.VSNW18D23
Tencent	Win32.Trojan.Agent.Zolw
Ikarus	Trojan.Python.Obfuscated
MaxSecure	Trojan.Malware.205026895.susgen
Fortinet	W32/Infostealer.A!tr
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

Lst.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All