Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 19, 2024, 2:30 p.m.	June 19, 2024, 2:32 p.m.

Size	21.6MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`47978fd3f8bef45e4cd2e45c317c8f49`
SHA256	`09020e3e16228b21fe443524fd6213f909670f2cae402551dd0dee466975c488`
CRC32	`E47057E0`
ssdeep	`393216:Rk9w1+TtIiFuAL3cWj6+v07ewWBxRiKrRTSurhMPN3eY9Z8D8Ccl/o2YbIfRoi2G:T1QtIJ2j6+s7LWB75zuPNua8DZclk2o`
Yara	Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

obf.exe "C:\Users\test22\AppData\Local\Temp\obf.exe"
2088
- obf.exe "C:\Users\test22\AppData\Local\Temp\obf.exe"
  2612

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 19, 2024, 2:23 p.m.		1	1	0

file	C:\Users\test22\AppData\Local\Temp\_MEI20882\libcrypto-3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20882\libffi-8.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20882\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20882\numpy.libs\libopenblas64__v0.3.23-293-gc2f4bdbb-gcc_10_3_0-2bde3a66a51006b2b53eb373ff767a3f.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20882\VCRUNTIME140_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20882\libssl-3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20882\python3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20882\python312.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20882\pywin32_system32\pywintypes312.dll

section

{u'size_of_data': u'0x0000f000', u'virtual_address': u'0x00049000', u'entropy': 7.350146232003548, u'name': u'.rsrc', u'virtual_size': u'0x0000ef8c'}

entropy

7.350146232

description

A section with a high entropy has been found

obf.exe