Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Dec. 15, 2023, 5:39 p.m.	Dec. 15, 2023, 5:41 p.m.

Size	16.6MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`db24ccd5edd193c3de7e8324af4df458`
SHA256	`82b03053f38e2f31c9aceda9438b2fc2cbe62d158150137c35099c54da18530c`
CRC32	`619D50B1`
ssdeep	`393216:djId07S2u2tbfNOdWW+eGQR+93iObYaHW8p2TLYb5MT4FC:5IdFODNOUW+e5RS9lW8p2TMKGC`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Voice-Ai-beta.exe "C:\Users\test22\AppData\Local\Temp\Voice-Ai-beta.exe"
2544
- Voice-Ai-beta.exe "C:\Users\test22\AppData\Local\Temp\Voice-Ai-beta.exe"
  2820

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Dec. 15, 2023, 5:39 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

Creates executable files on the filesystem (7 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI25442\libssl-3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\libcrypto-3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\libffi-8.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tk86t.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl86t.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\python311.dll

File has been identified by 18 AntiVirus engines on VirusTotal as malicious (18 events)

Bkav	W64.AIDetectMalware
MicroWorld-eScan	Gen:Variant.Lazy.447541
FireEye	Gen:Variant.Lazy.447541
Cylance	unsafe
VIPRE	Gen:Variant.Lazy.447541
CrowdStrike	win/malicious_confidence_100% (W)
Elastic	malicious (moderate confidence)
BitDefender	Gen:Variant.Lazy.447541
Emsisoft	Gen:Variant.Lazy.447541 (B)
Antiy-AVL	Trojan/Win32.Wacatac
Microsoft	Trojan:Win32/Wacatac.B!ml
Gridinsoft	Ransom.Win64.Wacatac.sa
Arcabit	Trojan.Lazy.D6D435
GData	Gen:Variant.Lazy.447541
ALYac	Gen:Variant.Lazy.447541
MAX	malware (ai score=83)
TrendMicro-HouseCall	TROJ_GEN.R002H09LE23
DeepInstinct	MALICIOUS

Appends a known multi-family ransomware file extension to files that have been encrypted (50 out of 80 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp775.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp949.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso2022-kr.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\macJapan.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\macRoman.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso8859-13.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\ksc5601.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\ascii.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\koi8-r.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp1257.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\macCentEuro.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\euc-cn.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp950.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp866.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\jis0212.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp1258.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp850.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso8859-6.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso8859-14.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso8859-3.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso8859-2.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\shiftjis.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp874.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp936.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp737.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cns11643.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso8859-8.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\koi8-u.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\symbol.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp1251.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp932.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso8859-15.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp869.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso8859-9.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\macDingbats.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\macGreek.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\gb1988.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\dingbats.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp863.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\tis-620.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso8859-16.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso8859-7.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\euc-kr.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\macRomania.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp865.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso8859-11.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\iso8859-10.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp1250.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp862.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\macIceland.enc

Deletes a large number of files from the system indicative of ransomware, wiper malware or system destruction (50 out of 996 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Brazil\DeNoronha
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Asia\Ulan_Bator
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Africa\Freetown
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\Cryptodome\Cipher\_Salsa20.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\Cryptodome\Protocol\_scrypt.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\msgs\id_id.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tk\tk.tcl
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\ascii.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\America\Costa_Rica
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Pacific\Tongatapu
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\Cryptodome\PublicKey\_ec_ws.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\msgs\zh_tw.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Europe\Malta
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\America\Kentucky\Louisville
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\msgs\kw_gb.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Antarctica\Davis
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tk\text.tcl
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp936.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\America\Hermosillo
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\America\Managua
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cns11643.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Asia\Phnom_Penh
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Kwajalein
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\msgs\kl_gl.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Pacific\Noumea
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Europe\Paris
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Africa\Libreville
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\SystemV\AST4ADT
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Atlantic\Madeira
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tk\images\pwrdLogo150.gif
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tk\images\pwrdLogo75.gif
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\macGreek.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Atlantic\Jan_Mayen
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\msgs\fr_ch.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Singapore
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\SystemV\EST5EDT
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Indian\Mayotte
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\Cryptodome\Cipher\_raw_arc2.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\America\Guadeloupe
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tk\ttk\aquaTheme.tcl
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\America\Porto_Acre
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\encoding\cp1250.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Europe\Zaporozhye
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Africa\Johannesburg
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Pacific\Chuuk
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Europe\Tirane
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\_socket.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Asia\Kuala_Lumpur
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Canada\Central
file	C:\Users\test22\AppData\Local\Temp\_MEI25442\tcl\tzdata\Africa\Banjul

Voice-Ai-beta.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All