Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 4, 2024, 1:19 p.m.	Aug. 4, 2024, 1:39 p.m.

Size	5.7MB
Type	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`67b035c3aac011e498d0e6685fde0c16`
SHA256	`9fd5fa5c448fa3efcde68988fd96827beea7974a67fccfd8a1bacdd43dd8a78b`
CRC32	`C5CB104F`
ssdeep	`98304:2CU/wbHqPMD/eJWHGXnB8jxrWPyTPfSjXCNLWo9cpBuhKMKoe1T:WYbKPMDsWHYyrWqTPVNLLcpBGnK`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file

win.exe "C:\Users\test22\AppData\Local\Temp\win.exe"
1648
- whoami.exe whoami
  2136

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
107.172.0.206	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Aug. 4, 2024, 1:12 p.m.	buffer: 2024/08/04 13:19:49 Forking console_handle: 0x000000000000000b	1	1	0

section

{u'size_of_data': u'0x005aa000', u'virtual_address': u'0x00a7b000', u'entropy': 7.892144146879635, u'name': u'UPX1', u'virtual_size': u'0x005aa000'}

entropy

7.89214414688

description

A section with a high entropy has been found

entropy

0.999913800534

description

Overall entropy of this PE file is high

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Aug. 4, 2024, 1:12 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

cmdline

whoami

host

107.172.0.206

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress Aug. 4, 2024, 1:12 p.m.	ordinal: 0 function_address: 0x000007fefe467a50 function_name: wine_get_version module: ntdll module_address: 0x00000000776c0000		-1073741511	0

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (moderate confidence)
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win64.CoinMiner.tc
McAfee	Artemis!67B035C3AAC0
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
BitDefender	Trojan.GenericKD.73782744
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of WinGo/Kryptik.FF
APEX	Malicious
Avast	FileRepMalware [Misc]
Kaspersky	Backdoor.Win64.Supershell.eh
Alibaba	Trojan:Win64/ShellcodeRunner.d6a70e78
MicroWorld-eScan	Trojan.GenericKD.73782744
Rising	Trojan.Agent!1.FF00 (CLOUD)
Emsisoft	Trojan.GenericKD.73782744 (B)
F-Secure	Trojan.TR/AVI.Agent.sohkb
McAfeeD	ti!9FD5FA5C448F
FireEye	Trojan.GenericKD.73782744
Sophos	CXrep/MalGo-B
Ikarus	Trojan.WinGo.Injector
Google	Detected
Avira	TR/AVI.Agent.sohkb
Antiy-AVL	GrayWare/Win32.Kryptik.ffp
Kingsoft	Win32.Hack.Undef.a
Gridinsoft	Trojan.Win64.Kryptik.sa
Microsoft	Trojan:Win32/Wacatac.B!ml
ZoneAlarm	Backdoor.Win64.Supershell.eh
GData	Win64.Trojan.Agent.XQYTL0
Varist	W64/Agent.FXW.gen!Eldorado
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.3978387212
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R014H01H324
MAX	malware (ai score=83)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Kryptik.FF!tr
AVG	FileRepMalware [Misc]
Paloalto	generic.ml
alibabacloud	Trojan:Multi/ShellcodeRunner.GXZ#3DGW

win.exe