Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 13, 2023, 8:55 a.m.	July 13, 2023, 8:57 a.m.

Size	709.7KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`ceaf606490044679c681b1cae6f67bd0`
SHA256	`3a9bdcffe94b37a8c5ebb961c484bd4255e614424fe522909cd075c2e32867e9`
CRC32	`1A24F961`
ssdeep	`12288:p0RtojH0t9bg6T4WocvtcwilsMXh5UblHCkkws6Hmqld58W6nXe3UhtCmTW8k:JjHL+tfYsMRmblHsYtldFkkStby8k`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 13, 2023, 8:55 a.m.		1	1	0

section

.ndata

Time & API	Arguments	Status
NtProtectVirtualMemory July 13, 2023, 8:55 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732a2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2023, 8:55 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73924000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 13, 2023, 8:55 a.m.	process_identifier: 2564 region_size: 85143552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x036a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Aflseligt\Cocainising\sikhers\Lredrengene\hjerneskadernes\System.Threading.Tasks.Dataflow.dll
file	C:\Users\test22\AppData\Roaming\Microsoft\Windows\Start Menu\Aflseligt\Cocainising\sikhers\Underlb\libgobject-2.0-0.dll
file	C:\Users\test22\AppData\Local\Temp\nsdF398.tmp\System.dll

file	C:\Users\test22\AppData\Local\Temp\nsdF398.tmp\System.dll

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Androm.ts6W
Cynet	Malicious (score: 100)
McAfee	Artemis!CEAF60649004
VIPRE	Gen:Variant.Tedy.369578
Sangfor	Trojan.Win32.Agent.Voc4
K7AntiVirus	Riskware ( 00584baa1 )
BitDefender	Gen:Variant.Tedy.369578
K7GW	Riskware ( 00584baa1 )
Cybereason	malicious.ca9312
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
APEX	Malicious
Kaspersky	HEUR:Trojan.Win32.Guloader.gen
MicroWorld-eScan	Gen:Variant.Tedy.369578
Avast	FileRepMalware [Misc]
Emsisoft	Gen:Variant.Tedy.369578 (B)
McAfee-GW-Edition	BehavesLike.Win32.Generic.bc
FireEye	Generic.mg.ceaf606490044679
Sophos	Generic Reputation PUA (PUA)
GData	Gen:Variant.Tedy.369578
MAX	malware (ai score=80)
Arcabit	Trojan.Tedy.D5A3AA
ZoneAlarm	HEUR:Trojan.Win32.Guloader.gen
Microsoft	Trojan:Win32/Wacatac.H!ml
ALYac	Gen:Variant.Tedy.369578
Cylance	unsafe
Panda	Trj/Chgt.AD
Fortinet	NSIS/Injector.OSRP!tr
AVG	FileRepMalware [Misc]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_70% (W)

Forrderes.exe