Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 3, 2024, 6:35 p.m.	July 3, 2024, 6:44 p.m.

Size	5.2MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`9f478308a636906db8c36e77ce68b4c2`
SHA256	`544095b7f34939172ea5bd6544be4c82357921f3153d17ac0e4b1b93dc363de4`
CRC32	`DB9AE4AA`
ssdeep	`98304:qigKs0WHiaVQWJuhswoYv5eOaVczo0Ahd6y0Naxxv8fqDDAxNer84qqfW42n:XgnrHiauWJysVYvsO5oyMxxvjDDAxRqk`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

client_win.exe "C:\Users\test22\AppData\Local\Temp\client_win.exe"
2644
- client_win.exe "C:\Users\test22\AppData\Local\Temp\client_win.exe"
  2800

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return
WriteConsoleW July 3, 2024, 6:36 p.m.	buffer: Traceback (most recent call last): console_handle: 0x000000000000000b	1	1
WriteConsoleW July 3, 2024, 6:36 p.m.	buffer: File "client_win.py", line 1, in <module> console_handle: 0x000000000000000b	1	1
WriteConsoleW July 3, 2024, 6:36 p.m.	buffer: File "PyInstaller\loader\pyimod02_importers.py", line 419, in exec_module console_handle: 0x000000000000000b	1	1
WriteConsoleW July 3, 2024, 6:36 p.m.	buffer: File "socket.py", line 49, in <module> console_handle: 0x000000000000000b	1	1
WriteConsoleW July 3, 2024, 6:36 p.m.	buffer: ImportError: DLL load failed while importing _socket: 매개 변수가 틀립니다. console_handle: 0x000000000000000b	1	1

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 3, 2024, 6:35 p.m.		1	1	0

file	C:\Users\test22\AppData\Local\Temp\_MEI26442\libcrypto-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI26442\python38.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI26442\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI26442\libssl-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI26442\libffi-7.dll

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Skyhigh	BehavesLike.Win64.Suspicioustrojan.tc
ALYac	Gen:Variant.Lazy.560823
Cylance	Unsafe
VIPRE	Gen:Variant.Lazy.560823
Sangfor	Trojan.Win32.Lazy.Vfsx
BitDefender	Gen:Variant.Lazy.560823
APEX	Malicious
McAfee	Artemis!9F478308A636
Avast	Win64:Evo-gen [Trj]
MicroWorld-eScan	Gen:Variant.Lazy.560823
Emsisoft	Gen:Variant.Lazy.560823 (B)
Zillya	Trojan.Agent.Win32.3962631
McAfeeD	ti!544095B7F349
FireEye	Gen:Variant.Lazy.560823
MAX	malware (ai score=85)
Gridinsoft	Trojan.Win64.Agent.sa
Arcabit	Trojan.Lazy.D88EB7
GData	Gen:Variant.Lazy.560823
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.4240893777
SentinelOne	Static AI - Suspicious PE
Fortinet	W32/PossibleThreat
AVG	Win64:Evo-gen [Trj]
Paloalto	generic.ml

client_win.exe