Summary | ZeroBOX

pt.exe

Tags: Generic Malware, Malicious Library, UPX, Malicious Packer, PE64, PE File, OS Processor Check

Category: FILE
Machine: s1_win7_x6403_us
Started: March 29, 2024, 7:46 a.m.
Completed: March 29, 2024, 7:48 a.m.

Size: 4.6MB
Type: PE32+ executable (console) x86-64, for MS Windows
MD5: 28b734a208be706ba26a552f1b0adafe
SHA256: a7f44db1d0eff2bff49da2a4c059c2104b900e173da5fad6cec88fbf46a7dd9c
CRC32: 5E9BDBF3
ssdeep: 49152:ns7opF2Kvl91QRsOX+apGccWUsPc0MmOY5ku66Tj2MoisgrNeucZQr/W3GJeybP2:sMs5Z5kB+ZvjGeW3Qeybe9Fmd+sN+
Yara
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
Note: UPX_Zero reports the file as UPX-packed. If that match is correct, strings and imports read from the file on disk describe the UPX stub rather than the payload; unpack it (upx -d, or dump the image from memory once the stub has run) before static analysis. Generic_Malware_Zero and Malicious_Packer_Zero are generic heuristics and carry no family attribution on their own.

DNS
Name Response Post-Analysis Lookup
No hosts contacted.

Hosts
IP Address Status Action
95.181.173.171 Active Moloch
Note: the sample reached this address without a DNS lookup (the DNS table is empty), and no Suricata alert or TLS session was recorded for it, so this report does not show what, if anything, was sent to it.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW
computer_name: TEST22-PC
Status: 1  Return: 1  Repeated: 0

Time & API Arguments Status Return Repeated

WriteConsoleW
buffer: Args { mode: 'n' }
console_handle: 0x0000000000000007
Status: 1  Return: 1  Repeated: 0

WriteConsoleW
buffer: "C:\\Users\\test22\\AppData\\Local\\Temp\\"
console_handle: 0x0000000000000007
Status: 1  Return: 1  Repeated: 0

WriteConsoleW
buffer: "C:\\Users\\test22\\AppData\\Local\\Temp\\chromium"
console_handle: 0x0000000000000007
Status: 1  Return: 1  Repeated: 0

WriteConsoleW
buffer: "C:\\Users\\test22\\AppData\\Local\\Temp\\chromium"
console_handle: 0x0000000000000007
Status: 1  Return: 1  Repeated: 0

WriteConsoleW
buffer: memory allocation of
console_handle: 0x000000000000000b
Status: 1  Return: 1  Repeated: 0

WriteConsoleW
buffer: bytes failed
console_handle: 0x000000000000000b
Status: 1  Return: 1  Repeated: 0

Note: the console output is consistent with a Rust binary. `Args { mode: 'n' }` is derived Debug formatting of a struct named Args with a single char field mode set to 'n', the quoted, double-backslash paths are Debug-formatted strings, and "memory allocation of ... bytes failed" is the message the Rust standard library writes to stderr when a heap allocation fails, after which it aborts the process (the byte count sits in a separate write that this table does not show). The paths go to one handle (0x7) and the failure message to another (0xb), matching stdout and stderr. The sample printed %TEMP% and %TEMP%\chromium before the Chrome profile walk listed further down.

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx
Status: 1  Return: 1  Repeated: 0

Unusual PE section name: _RDATA
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
pt+0x1bbb4e @ 0x13fa4bb4e
pt+0x1bbb72 @ 0x13fa4bb72
pt+0x60129 @ 0x13f8f0129
pt+0x3339a2 @ 0x13fbc39a2
pt+0x1c12fe @ 0x13fa512fe
pt+0x1bfff6 @ 0x13fa4fff6
pt+0x513be @ 0x13f8e13be
pt+0x16a012 @ 0x13f9fa012
pt+0x166e3a @ 0x13f9f6e3a
pt+0x16aee2 @ 0x13f9faee2
pt+0x1b33db @ 0x13fa433db
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521

exception.instruction_r: cd 29 0f 0b cc cc cc cc cc cc cc cc cc cc cc cc
exception.symbol: pt+0x1bbb4e
exception.instruction: int 0x29
exception.module: pt.exe
exception.exception_code: 0xc0000005
exception.offset: 1817422
exception.address: 0x13fa4bb4e
registers.rax: 0
registers.rbx: 0
registers.rcx: 7
registers.rdx: 8796092871248
registers.rsi: 0
registers.rdi: 0
registers.rbp: 0
registers.rsp: 35520032
registers.r8: 35503512
registers.r9: 35503568
registers.r10: 0
registers.r11: 514
registers.r12: 0
registers.r13: 0
registers.r14: 0
registers.r15: 0
Status: 1  Return: 0  Repeated: 0

Note: this is a deliberate abort, not a memory-corruption fault. The faulting bytes cd 29 0f 0b are int 0x29 followed by ud2, the __fastfail sequence, and rcx = 7 is FAST_FAIL_FATAL_APP_EXIT; that is what Rust's std::process::abort emits on x86-64 Windows, and it follows the "memory allocation of ... bytes failed" message above. The analysis machine runs Windows 7, which predates __fastfail support, so the interrupt surfaces as an access violation (0xc0000005) rather than STATUS_STACK_BUFFER_OVERRUN (0xc0000409). Practical consequence: the sample died partway through its run, so the behaviour below (in particular the absence of any observed traffic to 95.181.173.171) may be incomplete rather than representative; re-run on a machine with more memory or a newer OS before concluding the sample does not exfiltrate.
Files accessed
Note: the sample appends "Login Data" to entries it encounters under Chrome\User Data, including regular files (for example ...\VideoDecodeStats\LOCK\Login Data and ...\shared_proto_db\MANIFEST-000001\Login Data), so most paths below are probes from a recursive walk of the profile tree for Chrome's password database (the SQLite file named Login Data), not files that exist. The standard location, Default\Login Data, is not among the entries shown; the bare directory entries are the walk itself.
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\43\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crowd Deny\2021.8.2.1142\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\9.39.0\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\VideoDecodeStats\LOCK\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SafetyTips\2872\safety_tips.pb\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000001\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\
file C:\Users\test22\AppData\Local\Google\Chrome\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\1.0.0.13\manifest.json\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\djclckkglechooblngghdinmeemkbgci\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Translate Ranker Model\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\VideoDecodeStats\LOG.old\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\7605\_metadata\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\91.265.200\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\History\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\4.10.2209.0\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\7\manifest.fingerprint\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlCsdWhitelist.store\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ZxcvbnData\1\male_names.txt\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\4.10.2209.0\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\7605\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\UrlMalware.store\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\101.3.34.11\_metadata\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db-journal\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension State\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TLSDeprecationConfig\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\9.28.0\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\FontLookupTableCache\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Applications\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments\2021.7.12.1\_metadata\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\History-journal\Login Data
wmi: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Note: a process listing over WMI (Win32_Process); together with the tasklist command below this is process discovery.
Antivirus
Vendor Verdict
Elastic malicious (moderate confidence)
APEX Malicious
Kaspersky UDS:Trojan-PSW.Win32.Greedy
Trapmine suspicious.low.ml.score
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm UDS:Trojan-PSW.Win32.Greedy
DeepInstinct MALICIOUS
SentinelOne Static AI - Suspicious PE
CrowdStrike win/malicious_confidence_70% (W)
Note: the two UDS:Trojan-PSW.Win32.Greedy verdicts (Trojan-PSW is Kaspersky's password-stealer class) agree with the Chrome Login Data probing above; the remaining labels are generic ML or heuristic verdicts and add no attribution.
Time & API Arguments Status Return Repeated

GetAdaptersAddresses
flags: 0
family: 2
Status: 1  Return: 0  Repeated: 0
(family 2 is AF_INET; a return of 0 is ERROR_SUCCESS, so the IPv4 adapter list was retrieved)

Time & API Arguments Status Return Repeated

LookupPrivilegeValueW
system_name: (empty, local machine)
privilege_name: SeDebugPrivilege
Status: 1  Return: 1  Repeated: 0
(only the LUID lookup is shown; whether the privilege was then enabled with AdjustTokenPrivileges is not recorded here)

cmdline: tasklist
cmdline: "cmd" /C tasklist
host: 95.181.173.171
reg_key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\pt
reg_value: C:\Users\test22\AppData\Local\Temp\pt.exe

Persistence: a Run value named pt in HKCU pointing at the sample's own location under the user's Temp directory. On a suspected host, check HKCU\Software\Microsoft\Windows\CurrentVersion\Run for values whose data resolves into a Temp directory; the key is per-user, so load and check every user hive, not only the logged-on user's.
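The findings above (the Chrome Login Data walk, the HKCU Run key into Temp, and the tasklist/WMI process discovery) can be pulled out of a report like this one mechanically. The following is an added example, not code from ZeroBOX or from the sample: a small Python triage pass over summary lines written in the same "file ...", "reg_key ... reg_value ...", "cmdline ...", "wmi ..." and "host ..." form this page uses. The sample input is a constructed subset of the lines shown above; the finding names, the probe threshold and the list of file-like Chrome entries are this example's own choices.

```python
"""Triage a flattened ZeroBOX/Cuckoo-style behaviour summary.

Added example, not part of the original report or of ZeroBOX. Finding names,
thresholds and the FILE_LIKE_PARENT list are assumptions made for this example.
"""
import re

# Constructed sample: a subset of the summary lines from the report above.
SAMPLE_SUMMARY = r"""
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\VideoDecodeStats\LOCK\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000001\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\History-journal\Login Data
wmi SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
cmdline tasklist
cmdline "cmd" /C tasklist
host 95.181.173.171
reg_key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\pt reg_value C:\Users\test22\AppData\Local\Temp\pt.exe
"""

CHROME_PROFILE = re.compile(r"\\Google\\Chrome\\User Data\\", re.I)
LOGIN_DATA_PROBE = re.compile(r"\\Login Data$", re.I)
# Names that are files in a Chrome profile, never directories: a "Login Data"
# child under one of these can only come from a blind directory walk.
FILE_LIKE_PARENT = re.compile(
    r"(\.[A-Za-z0-9-]+|^LOCK|^CURRENT|^LOG(\.old)?|^MANIFEST-\d+|^Local State)$", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)


def parse_summary(text):
    """Split the flattened summary into (kind, payload) records."""
    records = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        kind, _, payload = line.partition(" ")
        if kind == "reg_key":
            key, _, value = payload.partition(" reg_value ")
            records.append(("reg_key", (key, value)))
        else:
            records.append((kind, payload))
    return records


def triage(text):
    """Return a dict mapping finding name -> supporting evidence."""
    findings = {}
    probes = []
    for kind, payload in parse_summary(text):
        if kind == "file" and CHROME_PROFILE.search(payload) and LOGIN_DATA_PROBE.search(payload):
            probes.append(payload)
        elif kind == "reg_key":
            key, value = payload
            if RUN_KEY.search(key) and TEMP_DIR.search(value):
                findings["run_key_to_temp"] = {"key": key, "value": value}
        elif kind == "cmdline" and re.search(r"\btasklist\b", payload, re.I):
            findings.setdefault("process_discovery", []).append(payload)
        elif kind == "wmi" and re.search(r"\bFROM\s+Win32_Process\b", payload, re.I):
            findings.setdefault("process_discovery", []).append(payload)
        elif kind == "host":
            findings.setdefault("remote_hosts", []).append(payload)
    if probes:
        # Parent component of each probe, e.g. "LOCK" in "...\LOCK\Login Data".
        parents = [p.split("\\")[-2] for p in probes]
        file_parents = [p for p in parents if FILE_LIKE_PARENT.search(p)]
        # Threshold of 3 probes is an assumption; one real open of
        # Default\Login Data would not trip it, a walk does.
        if len(probes) >= 3 and file_parents:
            findings["chrome_login_data_walk"] = {
                "probe_count": len(probes),
                "file_parents": file_parents,
            }
    return findings


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_SUMMARY).items():
        print(name, evidence)
```

The walk detector keys on "Login Data" being requested beneath names that can only be files (LOCK, MANIFEST-000001, Local State); a legitimate password-manager export opens Default\Login Data once and never produces such paths, so the check does not fire on it.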