Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 14, 2023, 7:39 a.m.	Sept. 14, 2023, 7:41 a.m.

Size	461.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`3dd01710d9d6f58e5588ad656f0441a1`
SHA256	`1c15a59b56b5298f4b02671994f7d19a28dca5e4dbe176204385ee95ddae174b`
CRC32	`1999F81C`
ssdeep	`12288:jJ8kkfMfnuis006jmG9OmURt9RnYjc8PicANzf9:jWkkfGnbsvmURt2cWSf9`
Yara	UPX_Zero - UPX packed file Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check

cryptedBB.exe "C:\Users\test22\AppData\Local\Temp\cryptedBB.exe"
1792

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleA Sept. 14, 2023, 7:39 a.m.	buffer: Window flashed successfully. console_handle: 0x00000007	1	1	0
WriteConsoleA Sept. 14, 2023, 7:39 a.m.	buffer: Popup menu created successfully. console_handle: 0x00000007	1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.bsp

Terminates another process (50 out of 13678 events)

Time & API	Arguments	Status
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2084 process_handle: 0x000000a0
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2084 process_handle: 0x000000a0	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2120 process_handle: 0x000000a4
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2120 process_handle: 0x000000a4	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2156 process_handle: 0x000000ac
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2156 process_handle: 0x000000ac	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2192 process_handle: 0x000000c0
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2192 process_handle: 0x000000c0	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2228 process_handle: 0x000000c8
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2228 process_handle: 0x000000c8	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2264 process_handle: 0x000000d0
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2264 process_handle: 0x000000d0	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2300 process_handle: 0x000000d8
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2300 process_handle: 0x000000d8	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2336 process_handle: 0x000000e0
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2336 process_handle: 0x000000e0	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2372 process_handle: 0x000000e8
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2372 process_handle: 0x000000e8	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2408 process_handle: 0x000000f0
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2408 process_handle: 0x000000f0	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2444 process_handle: 0x000000f8
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2444 process_handle: 0x000000f8	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2480 process_handle: 0x00000100
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2480 process_handle: 0x00000100	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2516 process_handle: 0x00000108
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2516 process_handle: 0x00000108	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2552 process_handle: 0x00000110
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2552 process_handle: 0x00000110	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2588 process_handle: 0x00000118
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2588 process_handle: 0x00000118	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2624 process_handle: 0x00000120
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2624 process_handle: 0x00000120	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2660 process_handle: 0x00000128
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2660 process_handle: 0x00000128	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2696 process_handle: 0x00000130
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2696 process_handle: 0x00000130	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2732 process_handle: 0x00000138
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2732 process_handle: 0x00000138	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2768 process_handle: 0x00000140
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2768 process_handle: 0x00000140	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2804 process_handle: 0x00000148
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2804 process_handle: 0x00000148	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2840 process_handle: 0x00000150
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2840 process_handle: 0x00000150	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2876 process_handle: 0x00000158
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2876 process_handle: 0x00000158	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2912 process_handle: 0x00000160
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2912 process_handle: 0x00000160	1
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2948 process_handle: 0x00000168
NtTerminateProcess Sept. 14, 2023, 7:39 a.m.	status_code: 0x00000005 process_identifier: 2948 process_handle: 0x00000168	1

File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Injuke.16!c
MicroWorld-eScan	Trojan.Agent.GGQQ
FireEye	Generic.mg.3dd01710d9d6f58e
McAfee	Artemis!3DD01710D9D6
Malwarebytes	Trojan.MalPack
VIPRE	Trojan.Agent.GGQQ
Sangfor	Trojan.Win32.Kryptik.V5fo
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Agent.GGQQ
VirIT	Trojan.Win32.GenusT.DRHP
Cyren	W32/Kryptik.KQM.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/GenKryptik.GNTL
Cynet	Malicious (score: 100)
APEX	Malicious
ClamAV	Win.Malware.Exploitx-9967939-0
Kaspersky	HEUR:Trojan.Win32.Injuke.gen
BitDefender	Trojan.Agent.GGQQ
Avast	PWSX-gen [Trj]
Tencent	Win32.Trojan.Injuke.Xmhl
Emsisoft	Trojan.Agent.GGQQ (B)
DrWeb	Trojan.Siggen21.28513
McAfee-GW-Edition	BehavesLike.Win32.Generic.gh
Trapmine	suspicious.low.ml.score
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Injector
Jiangmin	Trojan.Multi.ilm
Webroot	W32.Malware.Gen
Microsoft	Trojan:Win32/Amadey.MB!MTB
ZoneAlarm	HEUR:Trojan.Win32.Injuke.gen
GData	Trojan.Agent.GGQQ
Google	Detected
VBA32	BScope.TrojanPSW.RedLine
MAX	malware (ai score=80)
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Trojan.Generic@AI.100 (RDML:SkXjGqf3FF+CnL4vxLquoQ)
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W32/Kryptik.GNTL!tr
BitDefenderTheta	Gen:NN.ZexaF.36662.CyW@a8vbECfi
AVG	PWSX-gen [Trj]
DeepInstinct	MALICIOUS

cryptedBB.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All