Summary | ZeroBOX

demo.exe

PE64 PE File
Category: FILE
Machine: s1_win7_x6401
Started: Aug. 5, 2024, 9:28 a.m.
Completed: Aug. 5, 2024, 9:38 a.m.
Size 211.5KB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 edf60741d8f0f84ac05c3c3abe96f531
SHA256 c8009295795a41ddf450d7e6fd947d17f0a344aedb28cb1f1d00d5b28d225acd
CRC32 02159FF7
ssdeep 3072:JLCP23GB0kWd9F4VhNvmvM1wnTqHcXFI:JWSY0o/vmvBn9XF
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name / Response / Post-Analysis Lookup
No hosts contacted.

IP Address       Status   Action
152.136.159.25   Active   Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API / Arguments / Status / Return / Repeated

__exception__

stacktrace:
0x731320
0xcc000c
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30
0x30

exception.instruction_r: ac 3c 61 7c 02 2c 20 41 c1 c9 0d 41 01 c1 e2 ed
exception.instruction: lodsb al, byte ptr [rsi]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x731320
registers.r14: 1453503984
registers.r15: 0
registers.rcx: 110
registers.rsi: 110
registers.r10: 0
registers.rbx: 7541958
registers.rsp: 10811504
registers.r11: 514
registers.r8: 8791748268556
registers.r9: 0
registers.rdx: 1994794592
registers.r12: 0
registers.rbp: 7541498
registers.rdi: 0
registers.rax: 0
registers.r13: 0
Status: 1   Return: 0   Repeated: 0

Time & API / Arguments / Status / Return / Repeated

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 1507328
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000640000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
Status: 1   Return: 0   Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000730000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
Status: 1   Return: 0   Repeated: 0
host 152.136.159.25
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Infected.dt
McAfee Artemis!EDF60741D8F0
VIPRE Gen:Variant.Zusy.554542
Sangfor Trojan.Win64.Kryptik.Vmzz
K7AntiVirus Trojan ( 00594da41 )
BitDefender Gen:Variant.Zusy.554542
K7GW Trojan ( 00594da41 )
Cybereason malicious.1d8f0f
Arcabit Trojan.Zusy.D8762E
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win64/GenKryptik.FWMV
APEX Malicious
Avast Win64:Evo-gen [Trj]
ClamAV Win.Malware.Zusy-10033301-0
Alibaba Trojan:Win64/GenKryptik.36faa6eb
MicroWorld-eScan Gen:Variant.Zusy.554542
Rising Trojan.Kryplod!8.100A5 (TFE:5:AImjlJANoeK)
Emsisoft Gen:Variant.Zusy.554542 (B)
F-Secure Trojan.TR/AD.PatchedWinSwrort.ckfiy
DrWeb BackDoor.Meterpreter.157
Zillya Trojan.GenKryptik.Win64.27153
McAfeeD ti!C8009295795A
FireEye Gen:Variant.Zusy.554542
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Crypt
Google Detected
Avira TR/AD.PatchedWinSwrort.ckfiy
MAX malware (ai score=80)
Antiy-AVL Trojan/Win64.GenKryptik
Gridinsoft Trojan.Win64.Kryptik.sa
Microsoft Trojan:Win64/CobaltStrike.AMBA!MTB
ViRobot Trojan.Win.Z.Zusy.216576.C
GData Gen:Variant.Zusy.554542
Varist W64/ABTrojan.LDIF-3055
AhnLab-V3 Trojan/Win.CobaltStrike.C5628252
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3638408099
Panda Trj/GdSda.A
Tencent Trojan.Win64.Kryptik.hm
Fortinet W64/Kryptik.DWZ!tr
AVG Win64:Evo-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan:Win/CobaltStrike.AZHO3DGW
dead_host 192.168.56.101:49171
dead_host 192.168.56.101:49170
dead_host 192.168.56.101:49167
dead_host 192.168.56.101:49169
dead_host 192.168.56.101:49166
dead_host 192.168.56.101:49165
dead_host 192.168.56.101:49164
dead_host 152.136.159.25:4455
dead_host 192.168.56.101:49173
dead_host 192.168.56.101:49172
dead_host 192.168.56.101:49163