popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Project7.exe

Browser Login Data Stealer UPX ASPack Malicious Library PE File DLL OS Processor Check PE32
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Sept. 16, 2023, 2:13 p.m. Sept. 16, 2023, 2:15 p.m.
Size 1.7MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a7e4e478fbf4a1ff9a1be70ee8afd190
SHA256 9bdb51905b1eac04722007ffcc4a86f1bd84b618ca2610580e01acd21b98cdcb
CRC32 0EDCBABE
ssdeep 24576:+yZ64ndor0y8cvUfoPch+t62fXWbRTfZOwgh:1M8cxt6xNa
PDB Path C:\Users\scammymamont\source\repos\Project7\Debug\Project7.pdb
Yara
  • UPX_Zero - UPX packed file
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
138.201.200.124 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49163 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 138.201.200.124:80 2047625 ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) A Network Trojan was detected
TCP 192.168.56.103:49162 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49162 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 138.201.200.124:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic

Suricata TLS

No Suricata TLS

pdb_path C:\Users\scammymamont\source\repos\Project7\Debug\Project7.pdb
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
section .textbss
section .msvcjmc
section .00cfg
packer Microsoft Visual C++ V8.0 (Debug)
suspicious_features POST method with no referer header, Connection to IP address suspicious_request POST http://138.201.200.124/loghub/master
request POST http://138.201.200.124/loghub/master
request POST http://138.201.200.124/loghub/master
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 296
region_size: 163840
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00260000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 296
region_size: 0
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
3221225714 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\cgeeodpfagjceefieflmdfphplkenlfk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielpathgobddffflal
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnpath
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\gjagmgpathdbbciopjhllkdnddhcglnemk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\aijcbedoijmgnlmjeegjaglmepbmpkpi
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cgeeodpfagjceefieflmdfphplkenlfk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\naepdomgkenhinolocfifgehpathddafch
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghpathoadd
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgnbkkipaallpehbohjmkbjofjdmepath
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobl
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fooolghllnmhmmndgjiamiiodkpenpbb
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\fdjamakpfbbddfjaooikfcpapjohcfmg
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fdjamakpfbbddfjaooikfcpapjohcfmg
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hmeobnfnfcmdkdcmlblgagmfpfboieaf
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbml
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
file C:\Users\test22\AppData\Local\Temp\VhCHrrCXzJd2j5UL.dll
file C:\Users\test22\AppData\Local\Temp\VhCHrrCXzJd2j5UL.dll
section {u'size_of_data': u'0x0002c600', u'virtual_address': u'0x00207000', u'entropy': 7.167370933030962, u'name': u'.data', u'virtual_size': u'0x0002f834'} entropy 7.16737093303 description A section with a high entropy has been found
host 138.201.200.124
registry HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\Email
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
MicroWorld-eScan Trojan.GenericKD.69207922
FireEye Generic.mg.a7e4e478fbf4a1ff
McAfee Artemis!A7E4E478FBF4
Malwarebytes Malware.AI.4144861780
Sangfor Infostealer.Win32.Kryptik.Vtmt
CrowdStrike win/malicious_confidence_100% (W)
Alibaba TrojanPSW:Win32/Stealerc.0c81a048
K7GW Trojan ( 005ab0f91 )
K7AntiVirus Trojan ( 005ab0f91 )
BitDefenderTheta Gen:NN.ZexaF.36662.QL0@aiW1@dmk
Cyren W32/ABRisk.ZRNS-6754
Symantec ML.Attribute.HighConfidence
Elastic malicious (moderate confidence)
ESET-NOD32 a variant of Win32/GenKryptik.GNPJ
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky Trojan-PSW.Win32.Stealerc.bjr
BitDefender Trojan.GenericKD.69207922
Avast Win32:PWSX-gen [Trj]
Tencent Malware.Win32.Gencirc.13eeebd2
Emsisoft Trojan.GenericKD.69207922 (B)
F-Secure Trojan.TR/Kryptik.thqee
VIPRE Trojan.GenericKD.69207922
McAfee-GW-Edition BehavesLike.Win32.Sality.tm
Trapmine malicious.moderate.ml.score
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Avira TR/Kryptik.thqee
MAX malware (ai score=80)
Antiy-AVL Trojan/Win32.GenKryptik
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Gridinsoft Trojan.Win32.Kryptik.sa
Arcabit Trojan.Generic.D4200772
ZoneAlarm Trojan-PSW.Win32.Stealerc.bjr
GData Trojan.GenericKD.69207922
Google Detected
ALYac Trojan.GenericKD.69207922
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H0DIA23
Rising Trojan.Generic@AI.100 (RDML:fig71e9Jd0X/iDeMQWy+jw)
Ikarus Trojan.Win32.Krypt
MaxSecure Trojan.Malware.218266944.susgen
Fortinet W32/GenKryptik.GNPJ!tr
AVG Win32:PWSX-gen [Trj]
DeepInstinct MALICIOUS