Summary | ZeroBOX

setup下载名单目录6001.exe (submitted file name, URL-decoded; the Chinese reads "download list directory")

Tags: Generic Malware, Malicious Library, PE64, PE File

Category:  FILE
Machine:   s1_win7_x6401
Started:   June 14, 2024, 9:38 a.m.
Completed: June 14, 2024, 9:41 a.m.

Size:   125.5KB
Type:   PE32+ executable (GUI) x86-64, for MS Windows
MD5:    50c43ce25a63eb9f2c4b74e215be8135
SHA256: 8141aa8c8a19c466ed5d40f7d19e71a54889689711c2f2ca359e6290d24b2888
CRC32:  0350D19B
ssdeep: 3072:TLzCQAdvh65bOaTzVlQxI+2SRvp/7UxQV2dehOAGwu1U2:TfCHhgpTzLQW+24vp/7UxQZkwu
Yara
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware

DNS (post-analysis lookup)
Name        Response
cwgedu.cn   8.134.239.3

IP Address      Status   Action
164.124.101.2   Active   Moloch
8.134.239.3     Active   Moloch

Suricata Alerts

Flow                                     SID      Signature                                                                     Category
TCP 192.168.56.101:49161 -> 8.134.239.3:80   2003635  ET MALWARE Suspicious User Agent Detected (RookIE) - Common with Downloaders  A Network Trojan was detected
TCP 192.168.56.101:49163 -> 8.134.239.3:80   2003635  ET MALWARE Suspicious User Agent Detected (RookIE) - Common with Downloaders  A Network Trojan was detected
(the 49163 flow raised this alert 10 times; together with the 49161 alert that is 11 alerts, one per HTTP request listed below)

Suricata TLS

No Suricata TLS

Suspicious features: Connection to IP address
Suspicious request:  GET http://8.134.239.3/123.conf

HTTP requests (in order observed)
GET http://8.134.239.3/123.conf
GET http://cwgedu.cn/diangong/123.conf
GET http://cwgedu.cn/diangong/diangong/123.conf
GET http://cwgedu.cn/diangong/diangong/diangong/123.conf
GET http://cwgedu.cn/diangong/diangong/diangong/diangong/123.conf
GET http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/123.conf
GET http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/123.conf
GET http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/diangong/123.conf
GET http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/123.conf
GET http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/123.conf
GET http://cwgedu.cn/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/diangong/123.conf

Note: every request after the first adds one more diangong/ segment in front of 123.conf. The report does not show the server's responses, but the pattern is consistent with the sample resolving a relative location against the previous request URL and retrying; the ten requests on flow 49163 line up with the ten RookIE alerts on that flow.
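The indicators in this report (the file hashes, the contact host cwgedu.cn / 8.134.239.3, the 123.conf path with its repeating diangong/ segments, and the RookIE user agent behind ET SID 2003635) can be turned into a proxy-log sweep. The Python below is an added example written for this page, not ZeroBOX output and not code from the sample; the tab-separated log format and the sample records are constructed for the demonstration, and the RookIE substring test is an approximation of what the ET rule matches, not a copy of its content string.

```python
"""IOC sweep for the sample summarised above (added example, not part of the report)."""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report
SAMPLE_MD5 = "50c43ce25a63eb9f2c4b74e215be8135"
SAMPLE_SHA256 = "8141aa8c8a19c466ed5d40f7d19e71a54889689711c2f2ca359e6290d24b2888"
C2_HOSTS = {"cwgedu.cn", "8.134.239.3"}
# The sample fetched 123.conf under a growing chain of diangong/ segments;
# any depth is matched so a variant that loops more or fewer times is still caught.
CONF_PATH_RE = re.compile(r"^/(?:diangong/)*123\.conf$")
# ET SID 2003635 flags the RookIE user agent; a substring test approximates it (assumption).
UA_MARKER = "RookIE"


def check_file_hashes(data: bytes) -> dict:
    """Hash a file's bytes and compare both digests with the report's MD5/SHA256."""
    md5 = hashlib.md5(data).hexdigest()
    sha256 = hashlib.sha256(data).hexdigest()
    return {"md5": md5, "sha256": sha256,
            "match": md5 == SAMPLE_MD5 and sha256 == SAMPLE_SHA256}


def classify_request(url: str, user_agent: str) -> list:
    """Return the names of every indicator one HTTP request matches (empty list if clean)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    path = parts.path or ""
    reasons = []
    if host in C2_HOSTS:
        reasons.append("c2_host")
    if CONF_PATH_RE.match(path):
        reasons.append("conf_path")
        # two or more diangong/ segments is the deepening-path behaviour seen in the report
        if path.count("diangong/") >= 2:
            reasons.append("path_loop")
    if UA_MARKER in user_agent:
        reasons.append("rookie_ua")
    return reasons


def scan_proxy_log(lines) -> list:
    """Parse tab-separated proxy records (constructed format: ts, client, method, url, status, ua)
    and return the records that match at least one indicator, with the reasons."""
    hits = []
    for line in lines:
        line = line.rstrip("\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            continue  # malformed record: skip rather than crash the sweep
        ts, client, method, url, status, ua = fields
        reasons = classify_request(url, ua)
        if reasons:
            hits.append({"ts": ts, "client": client, "url": url, "reasons": reasons})
    return hits


# Constructed sample records in the format above (not taken from the report)
SAMPLE_LOG = [
    "2024-06-14T09:39:01Z\t192.168.56.101\tGET\thttp://8.134.239.3/123.conf\t200\tRookIE/1.0",
    "2024-06-14T09:39:02Z\t192.168.56.101\tGET\thttp://cwgedu.cn/diangong/123.conf\t200\tRookIE/1.0",
    "2024-06-14T09:39:03Z\t192.168.56.101\tGET\thttp://cwgedu.cn/diangong/diangong/diangong/123.conf\t200\tRookIE/1.0",
    "2024-06-14T09:39:04Z\t192.168.56.102\tGET\thttp://example.com/index.html\t200\tMozilla/5.0",
    "2024-06-14T09:39:05Z\t192.168.56.103\tGET\thttp://example.com/123.conf\t404\tMozilla/5.0",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit["ts"], hit["client"], hit["url"], ",".join(hit["reasons"]))
```

The last constructed record shows why the reasons are returned rather than a bare boolean: a 123.conf path on an unrelated host fires only the weak conf_path indicator, while the sample's own traffic hits the host, the path and the user agent together, and the path_loop reason singles out the deepening-path behaviour that distinguishes this downloader from a one-shot fetch.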
Antivirus verdicts (vendor, detection name)
Bkav W32.Common.6E1AEB8B
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.NetLoader.cm
ALYac Gen:Variant.Doina.74560
Cylance Unsafe
VIPRE Gen:Variant.Doina.74560
Sangfor Trojan.Win32.SilverFoxPrompt.swkaa
K7AntiVirus Trojan-Downloader ( 0055cb2d1 )
BitDefender Gen:Variant.Doina.74560
K7GW Trojan-Downloader ( 0055cb2d1 )
Arcabit Trojan.Doina.D12340
VirIT Trojan.Win64.Genus.GRU
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/TrojanDownloader.Agent.EJ
APEX Malicious
McAfee Artemis!50C43CE25A63
Avast Win64:DropperX-gen [Drp]
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba TrojanDownloader:Win64/DropperX.da51bbb7
MicroWorld-eScan Gen:Variant.Doina.74560
Rising Downloader.Agent!8.B23 (TFE:5:u1ZK0LTan7U)
Emsisoft Gen:Variant.Doina.74560 (B)
F-Secure Trojan.TR/Dldr.Agent.kasgn
Zillya Downloader.Agent.Win64.6323
TrendMicro TROJ_GEN.R002C0XFD24
McAfeeD ti!8141AA8C8A19
FireEye Gen:Variant.Doina.74560
Sophos Mal/Generic-S
Ikarus Trojan-Downloader.Win64.Agent
Google Detected
Avira TR/Dldr.Agent.kasgn
MAX malware (ai score=82)
Antiy-AVL Trojan/Win32.Wacatac
Microsoft Trojan:Win32/Casdet!rfn
ViRobot Trojan.Win.Z.Agent.128512.EK
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Doina.74560
Varist W64/ABDownloader.SGPL-3933
AhnLab-V3 Trojan/Win.Generic.C5623900
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.2449400482
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0XFD24
Tencent Malware.Win32.Gencirc.11c0072e
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.248610409.susgen
Fortinet W64/Agent.EJ!tr.dldr
AVG Win64:DropperX-gen [Drp]