Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 30, 2023, 8:49 a.m.	July 30, 2023, 8:55 a.m.

Size	314.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`117dc29bb97feea7e270cdb5af9b08b8`
SHA256	`d0bef454a49faffb1607e1f20c91b1ee2fde7b3ddec800e83000158fa8bea386`
CRC32	`AAE76F4C`
ssdeep	`3072:5JW7pz/a1Gd2mLjKaL85YWvhoRDmPsXW5L/Qg+f0fdnQOBo:WpzgGdtaagThQDmkXcL/Q1`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

777888_2023-07-27_16-09.exe "C:\Users\test22\AppData\Local\Temp\777888_2023-07-27_16-09.exe"
2552

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

resource name

None

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 30, 2023, 8:49 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 77824 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002be000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory July 30, 2023, 8:49 a.m.	process_identifier: 2552 region_size: 45056 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03ad0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0

section

{u'size_of_data': u'0x00013600', u'virtual_address': u'0x00029000', u'entropy': 7.867600430233146, u'name': u'.data', u'virtual_size': u'0x01eb8a2c'}

entropy

7.86760043023

description

A section with a high entropy has been found

entropy

0.247603833866

description

Overall entropy of this PE file is high

777888_2023-07-27_16-09.exe