Summary | ZeroBOX

setup%E4%B8%8B%E8%BD%BD%E5%90%8D%E5%8D%95%E7%9B%AE%E5%BD%956001.exe
(URL-encoded submission name; decoded it is setup下载名单目录6001.exe, roughly "setup download list directory 6001")

Tags: Generic Malware, UPX, PE64, PE File

Category FILE
Machine s1_win7_x6401
Started June 14, 2024, 9:39 a.m.
Completed June 14, 2024, 9:43 a.m.
Size 1.8MB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 7ff7c6f0c4233bc3c77cdb833764af21
SHA256 2230f123368eccb392a097b49de5787b01b9045da5f7f39790004f4714f6895a
CRC32 F47A344E
ssdeep 24576:7rR64OP+8f3Xi81y598h4aUR2ioM0wD+Ec0xMkN8JsU3Aoh9lsGAFA:3RFOP+Z81yvqY2io/wO9ljAFA
Yara
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted (no DNS lookups recorded).

IP Address Status
8.134.33.55 Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

status 1 return 1 repeated 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
lstrlenW+0x17 SystemTimeToFileTime-0x19 kernelbase+0x17b7 @ 0x7fefd4f17b7
setup%e4%b8%8b%e8%bd%bd%e5%90%8d%e5%8d%95%e7%9b%ae%e5%bd%956001+0x1ba7 @ 0x401ba7
setup%e4%b8%8b%e8%bd%bd%e5%90%8d%e5%8d%95%e7%9b%ae%e5%bd%956001+0x1d7d @ 0x401d7d
setup%e4%b8%8b%e8%bd%bd%e5%90%8d%e5%8d%95%e7%9b%ae%e5%bd%956001+0x1a43 @ 0x401a43
setup%e4%b8%8b%e8%bd%bd%e5%90%8d%e5%8d%95%e7%9b%ae%e5%bd%956001+0x13c7 @ 0x4013c7
setup%e4%b8%8b%e8%bd%bd%e5%90%8d%e5%8d%95%e7%9b%ae%e5%bd%956001+0x14cb @ 0x4014cb
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 66 f2 af 48 f7 d1 8d 41 ff eb 00 48 8b 7c 24 08
exception.symbol: lstrlenW+0x17 SystemTimeToFileTime-0x19 kernelbase+0x17b7
exception.instruction: scasw ax, word ptr [rdi]
exception.module: KERNELBASE.dll
exception.exception_code: 0xc0000005
exception.offset: 6071
exception.address: 0x7fefd4f17b7
registers.r14: 0
registers.r15: 0
registers.rcx: -1
registers.rsi: 0
registers.r10: 65535
registers.rbx: 0
registers.rsp: 2293728
registers.r11: 3
registers.r8: 100
registers.r9: 0
registers.rdx: 0
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 0
registers.r13: 0
status 1 return 0 repeated 0

Note on this record: the faulting bytes 66 f2 af decode to repne scasw (the sandbox's single-instruction decode above drops the rep prefix) and are followed by not rcx and lea eax, [rcx-1], which is the x64 lstrlenW length scan. The register dump is the scan state: rcx = -1 is the rep count, rax = 0 holds the terminator being searched for, and rdi = 0 is the pointer being scanned. The caller frame in the sample (+0x1ba7) therefore passed a NULL pointer to lstrlenW, and the first 16-bit read at address 0 raised the 0xc0000005 access violation. lstrlenW catches that fault internally and returns 0, so this is a handled first-chance exception rather than a crash of the sample.
section UPX1 (virtual_address 0x000ca000, virtual_size 0x00044000, size_of_data 0x00043600) entropy 7.916 description A section with a high entropy has been found
entropy 0.731 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
Note: the per-section value is Shannon entropy in bits per byte (7.92 of a possible 8.0, i.e. compressed or encrypted data), while the "overall" value 0.731 is a ratio, the share of section data that lies in high-entropy sections, not bits per byte.
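The three packer findings above come from two simple checks over the PE section table: per-section Shannon entropy against a threshold, and section names that begin with "UPX". The following is an added example (not the sandbox's own signature code) that walks a PE64 section table by hand, computes both signals, and runs them over a constructed PE skeleton with a UPX0 section that has no raw data, a pseudo-random UPX1 section and a low-entropy .rsrc section for contrast. The thresholds HIGH_ENTROPY and PACKED_RATIO and the synthetic image are assumptions chosen to mirror the report's findings; the real sample is not reproduced.

```python
"""Per-section entropy and UPX section-name checks over a PE image.
Added example; thresholds and the synthetic PE are assumptions."""
import math
import random
import struct

HIGH_ENTROPY = 6.8   # assumed per-section threshold, bits per byte (max 8.0)
PACKED_RATIO = 0.2   # assumed share of section data allowed in high-entropy sections


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return one dict per section with the entropy of its raw file data."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsect, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size                      # section table follows the optional header
    out = []
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        raw = image[rawptr:rawptr + rawsize]
        out.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": rawsize,
            "entropy": shannon_entropy(raw),
        })
    return out


def packer_signals(image: bytes) -> dict:
    """Produce findings of the same kind as the report: high-entropy sections,
    UPX section names, and the overall ratio of high-entropy section data."""
    sections = pe_sections(image)
    findings, high_bytes = [], 0
    total = sum(s["size_of_data"] for s in sections)
    for s in sections:
        if s["name"].upper().startswith("UPX"):
            findings.append(f"section {s['name']}: name indicates UPX")
        if s["entropy"] > HIGH_ENTROPY:
            findings.append(f"section {s['name']}: entropy {s['entropy']:.2f} is high")
            high_bytes += s["size_of_data"]
    ratio = high_bytes / total if total else 0.0      # a share, not bits per byte
    if ratio > PACKED_RATIO:
        findings.append(f"overall: {ratio:.3f} of section data is in high-entropy sections")
    return {"sections": sections, "findings": findings, "ratio": ratio}


def build_sample_pe() -> bytes:
    """Constructed PE64 skeleton (not the report's sample): UPX0 with no raw
    data, UPX1 filled with deterministic pseudo-random bytes, low-entropy .rsrc."""
    upx1 = random.Random(1).randbytes(4096)           # stands in for compressed payload
    rsrc = b"\0" * 1024 + b"A" * 1024                 # two symbols, entropy exactly 1.0
    sections = [(b"UPX0", 0x10000, 0x1000, b""),
                (b"UPX1", 0x1000, 0x11000, upx1),
                (b".rsrc", 0x800, 0x12000, rsrc)]
    hdr_size = 0x40 + 4 + 20 + 240 + 40 * len(sections)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 240, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * 238                  # PE32+ magic, rest zeroed
    table, body, ptr = b"", b"", hdr_size
    for name, vsize, vaddr, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, len(raw), ptr if raw else 0, 0, 0, 0, 0, 0)
        body += raw
        ptr += len(raw)
    return dos + b"PE\0\0" + coff + opt + table + body


SAMPLE_IMAGE = build_sample_pe()

if __name__ == "__main__":
    for line in packer_signals(SAMPLE_IMAGE)["findings"]:
        print(line)
```

Pointing pe_sections at a real file (`packer_signals(open(path, "rb").read())`) reproduces the report's three findings for a UPX-packed binary; the overall ratio comes out as a fraction of section data, which is why the report's 0.731 should not be read as a low entropy value.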
host 8.134.33.55
dead_host 8.134.33.55:80
Note: dead_host means the sample attempted a TCP connection to 8.134.33.55 on port 80 that was never answered during the run. No DNS lookup was recorded, so the address was used directly rather than resolved by name.
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Convagent.4!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh Artemis!Trojan
ALYac Gen:Variant.Tedy.576477
Cylance Unsafe
VIPRE Gen:Variant.Tedy.576477
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan-Downloader ( 005b50071 )
BitDefender Gen:Variant.Tedy.576477
K7GW Trojan-Downloader ( 005b50071 )
Cybereason malicious.0c4233
Arcabit Trojan.Tedy.D8CBDD
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/TrojanDownloader.Agent.ATD
APEX Malicious
McAfee Artemis!7FF7C6F0C423
Avast Win64:Evo-gen [Trj]
Kaspersky VHO:Trojan.Win64.Convagent.gen
Alibaba TrojanDownloader:Win64/Generic.2f1b00e0
MicroWorld-eScan Gen:Variant.Tedy.576477
Rising Downloader.Agent!1.FAAC (CLOUD)
Emsisoft Gen:Variant.Tedy.576477 (B)
F-Secure Trojan.TR/Dldr.Agent.bmmfl
Zillya Downloader.Agent.Win64.6296
TrendMicro TROJ_GEN.R002C0XES24
McAfeeD ti!2230F123368E
Trapmine malicious.moderate.ml.score
FireEye Generic.mg.7ff7c6f0c4233bc3
Sophos Mal/Generic-S
Ikarus Trojan-Downloader.Win64.Agent
Google Detected
Avira TR/Dldr.Agent.bmmfl
Antiy-AVL Trojan/Win32.Phonzy
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm VHO:Trojan.Win64.Convagent.gen
GData Gen:Variant.Tedy.576477
Varist W64/ABRisk.HKMG-1716
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3791801794
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0XES24
Tencent Trojan-DL.Win64.Oader.ha
MAX malware (ai score=83)
Fortinet PossibleThreat.PALLAS.H
AVG Win64:Evo-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (W)
alibabacloud Trojan[downloader]:Win/Agent.AS#
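The vendor table above agrees on behaviour (a downloader) more than on a family name, and the family tokens that do recur (Tedy, Convagent) are spread across engines that share signatures. The following is an added example (a simplified AVClass-style tokenizer, not anything the sandbox or any vendor runs) that splits a subset of the labels above into tokens, discards platform, class and variant-id tokens, and counts one vote per vendor for each remaining family candidate and for the downloader class. The stop-word sets and the heuristic that family names are capitalised words of four or more characters are assumptions tuned to this table.

```python
"""Reduce vendor verdicts to a family and behaviour consensus.
Added example; stop words and the capitalisation heuristic are assumptions."""
import re
from collections import Counter

# Subset of the detection table above (vendor -> label), copied as printed.
VERDICTS = {
    "Lionic": "Trojan.Win32.Convagent.4!c",
    "ALYac": "Gen:Variant.Tedy.576477",
    "VIPRE": "Gen:Variant.Tedy.576477",
    "K7AntiVirus": "Trojan-Downloader ( 005b50071 )",
    "BitDefender": "Gen:Variant.Tedy.576477",
    "Arcabit": "Trojan.Tedy.D8CBDD",
    "ESET-NOD32": "a variant of Win64/TrojanDownloader.Agent.ATD",
    "Kaspersky": "VHO:Trojan.Win64.Convagent.gen",
    "Alibaba": "TrojanDownloader:Win64/Generic.2f1b00e0",
    "Rising": "Downloader.Agent!1.FAAC (CLOUD)",
    "Emsisoft": "Gen:Variant.Tedy.576477 (B)",
    "F-Secure": "Trojan.TR/Dldr.Agent.bmmfl",
    "Zillya": "Downloader.Agent.Win64.6296",
    "Avira": "TR/Dldr.Agent.bmmfl",
    "Ikarus": "Trojan-Downloader.Win64.Agent",
    "ZoneAlarm": "VHO:Trojan.Win64.Convagent.gen",
    "GData": "Gen:Variant.Tedy.576477",
    "Tencent": "Trojan-DL.Win64.Oader.ha",
    "Microsoft": "Trojan:Win32/Casdet!rfn",
}

# Platform, verdict-class and engine-noise tokens: never a family name (assumed list).
GENERIC = {
    "gen", "variant", "generic", "cloud", "heur", "vho", "malware", "malicious",
    "trojan", "trojandownloader", "downloader", "dldr", "agent", "win32", "win64",
}
# Tokens that mark the downloader behaviour class (assumed list).
DOWNLOADER = {"downloader", "trojandownloader", "dldr", "dl"}
HEXLIKE = re.compile(r"[0-9A-Fa-f]+")


def tokens(label: str) -> list:
    """Split a vendor label on every run of non-alphanumeric characters."""
    return [t for t in re.split(r"[^A-Za-z0-9]+", label) if t]


def is_family_token(tok: str) -> bool:
    """Heuristic: a family name is a capitalised word of 4+ characters that is
    not generic and not a hex/variant id; lower-case tails (gen, rfn) are dropped."""
    return (len(tok) >= 4 and tok[0].isupper()
            and tok.lower() not in GENERIC
            and not HEXLIKE.fullmatch(tok))


def consensus(verdicts: dict) -> dict:
    """One vote per vendor per family candidate, plus a downloader-class count."""
    family = Counter()
    downloader_votes = 0
    for _vendor, label in verdicts.items():
        toks = tokens(label)
        for fam in {t.lower() for t in toks if is_family_token(t)}:
            family[fam] += 1
        if any(t.lower() in DOWNLOADER for t in toks):
            downloader_votes += 1
    return {"family": family.most_common(),
            "downloader_votes": downloader_votes,
            "vendors": len(verdicts)}


if __name__ == "__main__":
    print(consensus(VERDICTS))
```

Engines that share a signature source (the four identical Gen:Variant.Tedy labels, or the two VHO:Trojan.Win64.Convagent.gen labels) still count once each here, so the family vote overstates independent agreement; the downloader count is the more robust signal, and it matches the sandbox's own evidence of a connection attempt to 8.134.33.55:80.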