Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 8, 2024, 5 p.m.	July 8, 2024, 5:02 p.m.

Size	3.2MB
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`f84d08aa136cff60ce8e8c45202190af`
SHA256	`7d03d75d38cc9ae688d780c8afd0eae3a6d4417f0227e9e115c0c6cc19f356aa`
CRC32	`EE913470`
ssdeep	`49152:NrW1vjSdjSqhyhc+KJiADCIytuDZ3M4WiPA1NHySRUkfVhupolGB/K7tysepFx+:tsLSd+I+6nD6D41US/whupolbepFx+`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch
43.143.246.38	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW July 8, 2024, 4:52 p.m.	buffer: 2024/07/08 17:00:07 Forking console_handle: 0x000000000000000b	1	1	0

section

{u'size_of_data': u'0x0032c400', u'virtual_address': u'0x0058d000', u'entropy': 7.900297730560211, u'name': u'UPX1', u'virtual_size': u'0x0032d000'}

entropy

7.90029773056

description

A section with a high entropy has been found

entropy

0.999846130174

description

Overall entropy of this PE file is high

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW July 8, 2024, 4:53 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

cmdline

whoami

host

43.143.246.38

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress July 8, 2024, 4:52 p.m.	ordinal: 0 function_address: 0x000007fefe347a50 function_name: wine_get_version module: ntdll module_address: 0x0000000077290000		-1073741511	0
LdrGetProcedureAddress July 8, 2024, 4:52 p.m.	ordinal: 0 function_address: 0x000007fefe347a50 function_name: wine_get_version module: ntdll module_address: 0x0000000077290000		-1073741511	0

cc.exe