Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 1, 2024, 8:49 a.m.	June 1, 2024, 8:53 a.m.

Size	138.5KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`2ddfe23a170af97ebbfe8ccc260ef462`
SHA256	`56149c2caa7e4b648802d12d51fcd0d6523640925b44524d5261f193e7e217d6`
CRC32	`797BF9AE`
ssdeep	`3072:WVgniPw13ewPXAFFOCpOiAiZNYF4sn3zckV/N+Ag0FujTXfh9v2Vht:WVgnwotoFF1pWaNYKsnFEAOBJ2Vht`
PDB Path	E:\Projects\WxWorkMultiOpen\Release\WxWorkMultiOpen.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

WxWorkMultiOpen.exe "C:\Users\test22\AppData\Local\Temp\WxWorkMultiOpen.exe"
2652

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

pdb_path

E:\Projects\WxWorkMultiOpen\Release\WxWorkMultiOpen.pdb

Time & API	Arguments	Status	Return
Process32NextW June 1, 2024, 8:49 a.m.	snapshot_handle: 0x000000a8 process_name: mobsync.exe process_identifier: 2288	1	1
Process32NextW June 1, 2024, 8:49 a.m.	snapshot_handle: 0x000000a8 process_name: wsqmcons.exe process_identifier: 2380	1	1
Process32NextW June 1, 2024, 8:49 a.m.	snapshot_handle: 0x000000a8 process_name: sc.exe process_identifier: 2408	1	1
Process32NextW June 1, 2024, 8:49 a.m.	snapshot_handle: 0x000000a8 process_name: WxWorkMultiOpen.exe process_identifier: 2652	1	1

Time & API	Arguments	Status	Return
LookupPrivilegeValueW June 1, 2024, 8:49 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW June 1, 2024, 8:49 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW June 1, 2024, 8:49 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (moderate confidence)
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win32.BadFile.ch
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Symantec	ML.Attribute.HighConfidence
APEX	Malicious
McAfee	Artemis!2DDFE23A170A
Rising	Trojan.Generic@AI.100 (RDML:RovDt5c8miygP7OCA115CQ)
McAfeeD	ti!56149C2CAA7E
FireEye	Generic.mg.2ddfe23a170af97e
Sophos	Generic ML PUA (PUA)
Antiy-AVL	Trojan/Win32.Znyonm
Microsoft	Trojan:Win32/Casdet!rfn
ViRobot	Trojan.Win.Z.Agent.141824.CI
AhnLab-V3	Trojan/Win.Generic.C4979265
BitDefenderTheta	Gen:NN.ZexaF.36806.iuW@a0fNK4di
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.3262332800
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_70% (D)

WxWorkMultiOpen.exe