Summary | ZeroBOX

new_inte.exe

UPX Malicious Library OS Processor Check PE32 PE File
Category  Machine        Started                   Completed
FILE      s1_win7_x6401  Jan. 14, 2024, 1:33 p.m.  Jan. 14, 2024, 1:39 p.m.
Size 176.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8a6150d9aeecaf24aa06b669096bb465
SHA256 bbdbec4d910262daf43a4cea874173fd4c790cb3ec142e65de6c1a74520dc4d7
CRC32 AB21FC54
ssdeep 3072:NHFNYj6kzi+NT2I+LUaXJNaggOTuSgBbqVb/8O/tOAg0Fuj0QtsIFsZa:NHFNY2PBIs5nuTBbWgAOnrFsZa
Yara
  • Malicious_Library_Zero - Malicious_Library
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
185.172.128.90 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated
GetComputerNameW
  computer_name: TEST22-PC
  Status: 1  Return: 1  Repeated: 0
Time & API Arguments Status Return Repeated
WriteConsoleW
  buffer: ERROR: The process "new_inte.exe" not found.
  console_handle: 0x0000000b
  Status: 1  Return: 1  Repeated: 0
suspicious_features Connection to IP address
suspicious_request GET http://185.172.128.90/cpa/ping.php?substr=one&s=two
request GET http://185.172.128.90/cpa/ping.php?substr=one&s=two
cmdline "C:\Windows\System32\cmd.exe" /c taskkill /im "new_inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\new_inte.exe" & exit
cmdline C:\Windows\System32\cmd.exe /c taskkill /im "new_inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\new_inte.exe" & exit
file C:\Users\test22\AppData\Local\Temp\new_inte.exe
wmi SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "new_inte.exe")
Time & API Arguments Status Return Repeated
ShellExecuteExW
  show_type: 0
  filepath_r: C:\Windows\System32\cmd.exe
  parameters: /c taskkill /im "new_inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\new_inte.exe" & exit
  filepath: C:\Windows\System32\cmd.exe
  Status: 1  Return: 1  Repeated: 0
Time & API Arguments Status Return Repeated
LookupPrivilegeValueW
  system_name:
  privilege_name: SeDebugPrivilege
  Status: 1  Return: 1  Repeated: 0
cmdline "C:\Windows\System32\cmd.exe" /c taskkill /im "new_inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\new_inte.exe" & exit
cmdline taskkill /im "new_inte.exe" /f
cmdline C:\Windows\System32\cmd.exe /c taskkill /im "new_inte.exe" /f & erase "C:\Users\test22\AppData\Local\Temp\new_inte.exe" & exit
host 185.172.128.90
file C:\Users\test22\AppData\Local\Temp\new_inte.exe

Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Tepfer.i!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Downloader.ch
ALYac Gen:Trojan.Heur.RP.luW@bGPxNopi
Cylance unsafe
VIPRE Gen:Trojan.Heur.RP.luW@bGPxNopi
Sangfor Downloader.Win32.Agent.Vjnh
BitDefender Gen:Trojan.Heur.RP.luW@bGPxNopi
Cybereason malicious.16d3d8
Arcabit Trojan.Heur.RP.E48F1C
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.ELB
APEX Malicious
McAfee Artemis!8A6150D9AEEC
Avast Win32:DropperX-gen [Drp]
Kaspersky VHO:Trojan-PSW.Win32.Tepfer.gen
Alibaba TrojanDownloader:Win32/DropperX.e23371e1
MicroWorld-eScan Gen:Trojan.Heur.RP.luW@bGPxNopi
Rising Trojan.Generic@AI.100 (RDML:CNtgNH16DDDc1dNCY3OvUQ)
Emsisoft Gen:Trojan.Heur.RP.luW@bGPxNopi (B)
F-Secure Heuristic.HEUR/AGEN.1317762
TrendMicro TROJ_GEN.R06CC0WAD24
Sophos Mal/Generic-S
Webroot W32.Trojan.Gen
Google Detected
Avira HEUR/AGEN.1317762
Antiy-AVL Trojan[Downloader]/Win32.Agent
Kingsoft malware.kb.a.771
Microsoft Trojan:Win32/Znyonm
ZoneAlarm VHO:Trojan-PSW.Win32.Tepfer.gen
GData Gen:Trojan.Heur.RP.luW@bGPxNopi
Varist W32/Agent.EPA.gen!Eldorado
BitDefenderTheta AI:Packer.781F2A261F
DeepInstinct MALICIOUS
VBA32 BScope.TrojanPSW.Tepfer
Malwarebytes Generic.Malware/Suspicious
Tencent Win32.Trojan-Downloader.Oader.Osmw
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Agent.ELB!tr.dldr
AVG Win32:DropperX-gen [Drp]
CrowdStrike win/malicious_confidence_100% (W)