Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 20, 2023, 7:35 a.m.	July 20, 2023, 7:40 a.m.

Size	345.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`bedbe012a1b5826fe7f1dec74b63b729`
SHA256	`88b9fabd26abb085ca896c1f28205fae662d1d201ce50d737d46faed26c8ee0a`
CRC32	`F625C453`
ssdeep	`6144:7HwJQcGnN+jVGXmaxL+kPxJl0kvJmyAo5L/lsnBBl0Yt:7tcGk4XdPLlpJmlol/lSp`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

resource name

None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 20, 2023, 7:35 a.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 167936 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02c2c000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory July 20, 2023, 7:35 a.m.	process_identifier: 2636 region_size: 258048 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00029c00', u'virtual_address': u'0x00028000', u'entropy': 7.959544430952519, u'name': u'.data', u'virtual_size': u'0x027337c0'}

entropy

7.95954443095

description

A section with a high entropy has been found

entropy

0.484760522496

description

Overall entropy of this PE file is high

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Convagent.4!c
Elastic	malicious (high confidence)
FireEye	Generic.mg.bedbe012a1b5826f
CAT-QuickHeal	Ransom.Stop.P5
McAfee	Artemis!BEDBE012A1B5
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00516fdf1 )
K7GW	Trojan ( 00516fdf1 )
Cybereason	malicious.4fb091
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	RansomX-gen [Ransom]
Tencent	Trojan.Win32.Obfuscated.gen
TrendMicro	Ransom.Win32.PHOBOS.SMTHA.hp
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.fh
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
AhnLab-V3	Trojan/Win.Generic.R592214
VBA32	BScope.Trojan.Yakes
Cylance	unsafe
Rising	Trojan.Generic@AI.100 (RDML:ZBBpplAuoPo9pp7/ezPiXA)
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
AVG	RansomX-gen [Ransom]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

file.exe