Summary | ZeroBOX

File_pass1234.7z

KeyLogger PWS Escalate privileges AntiDebug AntiVM
Category: FILE
Machine: s1_win7_x6402
Started: July 26, 2023, 11:19 a.m.
Completed: July 26, 2023, 11:21 a.m.
Size: 3.9MB
Type: 7-zip archive data, version 0.4
MD5: dd48d433b225a68e26ca5b6446f0e5f9
SHA256: d4627bbc66102d5e9c18b434de81a139c275ab4810e337e6a1f9f7cdf54a24ea
CRC32: 0F18C6FC
ssdeep: 98304:qMYYHZAjSqzkr6cFiKtSlqoQPNmNQ410Oo9jv:3ZAPcFinVNYj7
Yara: None matched

Domains (Name / Response / Post-Analysis Lookup)
No hosts contacted.

Hosts
IP Address      Status   Action
164.124.101.2   Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (columns: Time & API, Arguments, Status, Return, Repeated)

IsDebuggerPresent
  Arguments: none
  Status / Return / Repeated: 0 0

GlobalMemoryStatusEx
  Arguments: none logged
  Status / Return / Repeated: 1 1 0

NtProtectVirtualMemory
  process_identifier: 2184
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x74012000
  process_handle: 0xffffffff
  Status / Return / Repeated: 1 0 0

NtProtectVirtualMemory
  process_identifier: 2184
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x721d3000
  process_handle: 0xffffffff
  Status / Return / Repeated: 1 0 0

LookupPrivilegeValueW
  system_name: (empty)
  privilege_name: SeRestorePrivilege
  Status / Return / Repeated: 1 1 0
Signatures (description / rule)
Escalate privileges          Escalate_priviledges
PWS Memory                   Generic_PWS_Memory_Zero
(no description)             DebuggerCheck__GlobalFlags
(no description)             DebuggerCheck__QueryInfo
(no description)             DebuggerHiding__Thread
(no description)             DebuggerHiding__Active
(no description)             ThreadControl__Context
(no description)             SEH__vectored
Checks if being debugged     anti_dbg
Bypass DEP                   disable_dep
Run a KeyLogger              KeyLogger
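The signature hits above are derived from the API trace, and the three that matter for triage (anti-debug check, RWX page protection, privilege lookup) can be re-derived from the logged arguments. The script below is an added example, not ZeroBOX's own signature code: TRACE is constructed from the rows shown in this report (pid 2184, the two 4096-byte PAGE_EXECUTE_READWRITE changes on the process's own handle 0xffffffff, the SeRestorePrivilege lookup), the rule names and the list of privileges of interest are the script's own assumptions, and the protection constants are the winnt.h values. It also carries the caveat a practitioner wants on the "Escalate privileges" hit: LookupPrivilegeValueW only resolves a privilege name to a LUID, so it is a lead to confirm (look for AdjustTokenPrivileges), not proof that a privilege was gained.

```python
"""Triage of the API trace in a ZeroBOX/Cuckoo-style report.

Added example: this is not ZeroBOX's signature code. TRACE is constructed
from the rows shown in the report above (pid 2184, two PAGE_EXECUTE_READWRITE
changes, SeRestorePrivilege lookup). Rule names are this script's own.
"""
from dataclasses import dataclass, field

# Memory-protection constants from winnt.h. "protection: 64" in the report is 0x40.
PAGE_PROTECTIONS = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
WRITABLE_AND_EXECUTABLE = {0x40, 0x80}
CURRENT_PROCESS = 0xFFFFFFFF  # GetCurrentProcess() pseudo-handle as logged by a 32-bit monitor

# Privileges whose lookup deserves a second look. Assumption: this list is the
# example's own; the report itself only shows SeRestorePrivilege.
PRIVILEGES_OF_INTEREST = {
    "SeRestorePrivilege", "SeBackupPrivilege", "SeDebugPrivilege",
    "SeTakeOwnershipPrivilege", "SeLoadDriverPrivilege",
}


@dataclass
class ApiCall:
    api: str
    args: dict = field(default_factory=dict)
    status: int = 1   # 1 = call succeeded, as in the report's Status column
    ret: int = 0      # raw return value


def decode_protection(value: int) -> str:
    """Map a numeric protection to winnt.h names: 64 -> 'PAGE_EXECUTE_READWRITE'."""
    names = [n for bit, n in PAGE_PROTECTIONS.items() if (value & 0xFF) == bit]
    names += [n for bit, n in PAGE_MODIFIERS.items() if value & bit]
    return "|".join(names) if names else f"UNKNOWN(0x{value:x})"


def triage(calls):
    """Return (rule, detail) findings for the three behaviours flagged in the report."""
    findings = []
    for c in calls:
        if c.api == "IsDebuggerPresent":
            # Reads PEB->BeingDebugged; cheap and common. A 0 return means no debugger seen.
            findings.append(("anti_debug", f"IsDebuggerPresent returned {c.ret}"))
        elif c.api == "NtProtectVirtualMemory":
            prot = c.args.get("protection", 0)
            if c.status and (prot & 0xFF) in WRITABLE_AND_EXECUTABLE:
                own = c.args.get("process_handle") == CURRENT_PROCESS
                target = "own process" if own else f"pid {c.args.get('process_identifier')}"
                findings.append(("rwx_memory",
                                 f"{decode_protection(prot)} on {c.args['length']} bytes "
                                 f"at 0x{c.args['base_address']:08x} ({target})"))
        elif c.api == "LookupPrivilegeValueW":
            priv = c.args.get("privilege_name")
            if priv in PRIVILEGES_OF_INTEREST:
                # LookupPrivilegeValueW only resolves a name to a LUID. Nothing is granted
                # until AdjustTokenPrivileges succeeds on a token that already holds the
                # privilege, so this is a lead to confirm in the trace, not proof of escalation.
                findings.append(("privilege_lookup",
                                 f"{priv} resolved; look for AdjustTokenPrivileges next"))
    return findings


# Constructed from the report rows above (Status for IsDebuggerPresent is not recoverable
# from the page, so the dataclass default is used).
TRACE = [
    ApiCall("IsDebuggerPresent", ret=0),
    ApiCall("GlobalMemoryStatusEx", status=1, ret=1),
    ApiCall("NtProtectVirtualMemory", {"process_identifier": 2184, "length": 4096,
            "protection": 64, "base_address": 0x74012000, "process_handle": 0xFFFFFFFF},
            status=1, ret=0),
    ApiCall("NtProtectVirtualMemory", {"process_identifier": 2184, "length": 4096,
            "protection": 64, "base_address": 0x721D3000, "process_handle": 0xFFFFFFFF},
            status=1, ret=0),
    ApiCall("LookupPrivilegeValueW", {"system_name": "", "privilege_name": "SeRestorePrivilege"},
            status=1, ret=1),
]

if __name__ == "__main__":
    for rule, detail in triage(TRACE):
        print(f"{rule:17} {detail}")
```

Run as-is it prints one line per finding: the anti-debug probe, the two RWX changes with their decoded protection and page address, and the SeRestorePrivilege lookup. GlobalMemoryStatusEx is deliberately not flagged here; on its own it is a benign query, and the AntiVM tag in the report rests on the sandbox's own heuristics rather than on anything visible in these rows.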