popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Inv_LCC_Scan_4.exe

UPX OS Processor Check PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 July 16, 2023, 10:59 a.m. July 16, 2023, 11:01 a.m.
Size 886.8KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 01f50ef4b9419013f3a3967d7ed734cf
SHA256 d7394ece4ab3dc614805ceab5e5686e0e401cf992b2770e4cc2bada501243281
CRC32 618A2C69
ssdeep 24576:mKCS1UmzJqqToGm7dHxi+7wHePbpb9ocj:mKCe1YdHxi+c+p
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
skofilldrom.com
A 64.225.70.62
64.225.70.62
IP Address Status Action
164.124.101.2 Active Moloch
64.225.70.62 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gfids
suspicious_features GET method with no useragent header suspicious_request GET http://skofilldrom.com/
request GET http://skofilldrom.com/
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2984
region_size: 372736
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000003d0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2984
region_size: 32768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000430000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0
description Inv_LCC_Scan_4.exe tried to sleep 146 seconds, actually delayed analysis time by 146 seconds
DrWeb Adware.Downware.20091
McAfee Artemis!01F50EF4B941
CrowdStrike win/malicious_confidence_100% (W)
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
F-Secure Trojan.TR/AD.IcedId.enzyp
McAfee-GW-Edition Artemis
Trapmine malicious.high.ml.score
Avira TR/AD.IcedId.enzyp
Microsoft Trojan:Win64/Tnega!MSR
DeepInstinct MALICIOUS
Cylance unsafe
SentinelOne Static AI - Suspicious PE
AVG Win64:BotX-gen [Trj]
Avast Win64:BotX-gen [Trj]