Summary | ZeroBOX

faultrep2.dll

Tags: UPX, Anti_VM, PE64, PE File, DLL

Category: FILE
Machine: s1_win7_x6402
Started: Aug. 1, 2024, 2:53 p.m.
Completed: Aug. 1, 2024, 2:55 p.m.
Size: 606.6KB
Type: PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5: 3d2fb2e111412d2d844d223b79fb5c99
SHA256: 0fbb21dd4fd0e0305b57e64f18129682a0416cf852d6bc88b53960e6b48603eb
CRC32: 0D984A9E
ssdeep: 12288:Gk6EWzQbUt7KIFeFTzscStmtRo/pqLayo1k+bsLiRKZQ0oJz:GjEWzDF8rTo/UKoKWQ0oJz
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • anti_vm_detect - Possibly employs anti-virtualization techniques
  • UPX_Zero - UPX packed file

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address / Status / Action)
IP Address: 164.124.101.2
Status: Active
Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

IsDebuggerPresent
  0 0

IsDebuggerPresent
  0 0

NtProtectVirtualMemory
  process_identifier: 2380
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x000007fefa1b7000
  process_handle: 0xffffffffffffffff
  Status: 1, Return: 0, Repeated: 0

NtProtectVirtualMemory
  process_identifier: 2400
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x000007fefa1b7000
  process_handle: 0xffffffffffffffff
  Status: 1, Return: 0, Repeated: 0

Antivirus Detections (Engine / Result)

Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Agent.Y!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Dxh
Skyhigh BehavesLike.Win64.Trojan.jc
ALYac Trojan.Agent.Wacatac
Cylance Unsafe
VIPRE Trojan.GenericKD.73402070
Sangfor Dropper.Win32.Kryptik.V3dw
K7AntiVirus Trojan ( 005b56d51 )
BitDefender Trojan.GenericKD.73402070
K7GW Trojan ( 005b56d51 )
Arcabit Trojan.Generic.D46006D6
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik_AGen.DXH
APEX Malicious
McAfee Artemis!3D2FB2E11141
Avast Win64:MalwareX-gen [Trj]
Kaspersky Trojan-Dropper.Win64.Agent.aln
Alibaba TrojanDropper:Win32/Malgent.2a3d24b1
MicroWorld-eScan Trojan.GenericKD.73402070
Rising Trojan.AntiVM!1.CC71 (CLASSIC)
Emsisoft Trojan.GenericKD.73402070 (B)
F-Secure Trojan.TR/Kryptik.lymft
Zillya Trojan.KryptikAGen.Win32.232869
TrendMicro TROJ_GEN.R002C0XGM24
McAfeeD ti!0FBB21DD4FD0
FireEye Trojan.GenericKD.73402070
Sophos Mal/Generic-S
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Kryptik.lymft
MAX malware (ai score=84)
Antiy-AVL Trojan/Win32.Kryptik
Kingsoft Win64.Trojan-Dropper.Agent.a
Xcitium Malware@#1rcwuq7qekgfw
Microsoft Trojan:Win32/Malgent!MSR
ZoneAlarm Trojan-Dropper.Win64.Agent.aln
GData Trojan.GenericKD.73402070
Varist W64/ABTrojan.BRAX-1927
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3902949423
Ikarus Trojan.Win32.Crypt
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0XGM24
Tencent Malware.Win32.Gencirc.1412ad9c
huorong Trojan/Generic!5275E8365F456920
Fortinet W32/Kryptik_AGen.DXH!tr
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml