Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Dec. 20, 2023, 7:47 a.m.	Dec. 20, 2023, 7:53 a.m.

Size	15.1MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`b4b6bb1999d278b1eeb19783fce5cab4`
SHA256	`4ca0434a2c62b0e576e391c53edeeeb1e23ebb50e4e23419ed42995fcc8824a0`
CRC32	`005CF922`
ssdeep	`393216:ajId074k3meXcGfd0aw2L2tbfRukW8eb08aF:WIdZat5FO2LODbW8egF`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) ftp_command - ftp command UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

voice5.13sert.exe "C:\Users\test22\AppData\Local\Temp\voice5.13sert.exe"
2652
- voice5.13sert.exe "C:\Users\test22\AppData\Local\Temp\voice5.13sert.exe"
  2932

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Dec. 20, 2023, 7:47 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

Creates executable files on the filesystem (7 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI26522\python311.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tk86t.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\libcrypto-3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\libffi-8.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\libssl-3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl86t.dll

Appends a known multi-family ransomware file extension to files that have been encrypted (50 out of 80 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\euc-jp.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\shiftjis.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp950.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\symbol.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\iso8859-9.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\ascii.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\iso8859-2.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\ebcdic.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\gb12345.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp1257.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp855.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\tis-620.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp775.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp1252.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\iso8859-13.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\iso8859-11.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\euc-kr.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\ksc5601.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\macIceland.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\gb2312.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\macDingbats.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\iso8859-3.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp865.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp857.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\macCentEuro.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp1258.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\macRomania.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\macCyrillic.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\macGreek.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cns11643.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\iso2022-jp.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\iso8859-16.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\iso8859-5.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp936.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp861.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\jis0212.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp864.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\jis0208.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp949.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\iso2022-kr.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp932.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp850.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp866.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp1256.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp1253.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\jis0201.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\iso8859-10.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp860.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\big5.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\gb2312-raw.enc

Deletes a large number of files from the system indicative of ransomware, wiper malware or system destruction (50 out of 996 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Asia\Kuching
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\msgs\mk.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Pacific\Wallis
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tk\ttk\scale.tcl
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Australia\ACT
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\gb12345.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Zulu
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\SystemV\MST7
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\SystemV\HST10
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\Cryptodome\Cipher\_raw_aes.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Africa\Blantyre
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\msgs\en_ie.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\msgs\af.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\iso8859-5.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Europe\Kiev
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Eire
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\America\St_Barthelemy
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tk\license.terms
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\America\Yakutat
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\America\St_Kitts
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\SystemV\EST5
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Europe\Zurich
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tk\images\logoMed.gif
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Asia\Riyadh
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Europe\Budapest
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Europe\Paris
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\msgs\eu_es.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\msgs\te_in.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Africa\Mbabane
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\America\Guadeloupe
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\EST5EDT
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\cp869.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Antarctica\Casey
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\America\Noronha
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Singapore
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\msgs\gv.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\msgs\pl.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Asia\Barnaul
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\iso8859-1.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Pacific\Wake
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Asia\Sakhalin
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\America\Manaus
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\America\Guatemala
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\msgs\es_co.msg
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Pacific\Guadalcanal
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Asia\Omsk
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\encoding\macUkraine.enc
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\Asia\Dubai
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\_ssl.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI26522\tcl\tzdata\America\Knox_IN

voice5.13sert.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All