Summary | ZeroBOX

l.exe

Gen1 Generic Malware Malicious Library UPX Malicious Packer Anti_VM ftp PE64 PE File OS Processor Check ZIP Format DLL
Category FILE
Machine s1_win7_x6401
Started Aug. 6, 2024, 9:34 a.m.
Completed Aug. 6, 2024, 9:38 a.m.
Size 9.7MB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 5075f994390f9738e8e69f4de09debe6
SHA256 467e49f1f795c1b08245ae621c59cdf06df630fc1631dc0059da9a032858a486
CRC32 3A44F98B
ssdeep 196608:7Ho2jlyICteEroXxUKQGa3hQgWihENE+sKsXXg+W+TA3ek9WWaC+RnQp:xsInEroXGBGa3h3osKkXg+W+TA37eBns
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API GlobalMemoryStatusEx
Status 1
Return 1
Repeated 0
section _RDATA
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-stdio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\msvcp100.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-profile-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-memory-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-runtime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-processenvironment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-sysinfo-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-utility-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\VCRUNTIME140.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-namedpipe-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-heap-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-time-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-conio-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-file-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\msvcr100.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\ucrtbase.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-util-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-datetime-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-processthreads-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\python310.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-synch-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\libssl-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\libffi-7.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-processthreads-l1-1-1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-interlocked-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\libcrypto-1_1.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-file-l2-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-math-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-errorhandling-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-environment-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-localization-l1-2-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-convert-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-libraryloader-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-handle-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-timezone-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-console-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-string-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-rtlsupport-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-filesystem-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-synch-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\sqlite3.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-debug-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-process-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-crt-locale-l1-1-0.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25442\api-ms-win-core-file-l1-1-0.dll
section .rsrc
virtual_address 0x00053000
virtual_size 0x00010000
size_of_data 0x0000f200
entropy 7.354853277281127
description A section with a high entropy has been found
Bkav W32.Common.8098BB2F
Lionic Trojan.Win32.Lazagne.i!c
Skyhigh BehavesLike.Win64.Dropper.tc
ALYac Generic.Application.Lazagne.E.AE9D6EFF
Cylance Unsafe
VIPRE Generic.Application.Lazagne.E.AE9D6EFF
Sangfor Riskware.Win32.Lazagne.Ve9v
K7AntiVirus Trojan ( 005b844e1 )
BitDefender Generic.Application.Lazagne.E.AE9D6EFF
K7GW Trojan ( 005b844e1 )
Cybereason malicious.4390f9
Arcabit Generic.Application.Lazagne.E.AE9D6EFF
Symantec PUA.Gen.2
ESET-NOD32 Python/Riskware.LaZagne.Q
APEX Malicious
McAfee Artemis!5075F994390F
Avast Win64:Malware-gen
ClamAV Win.Trojan.Lazagne-6779429-0
Kaspersky Trojan-PSW.Win32.Stealer.cfwh
Alibaba HackTool:Win32/Almi_LaZagne.b
MicroWorld-eScan Generic.Application.Lazagne.E.AE9D6EFF
Emsisoft Generic.Application.Lazagne.E.AE9D6EFF (B)
TrendMicro HackTool.Win64.LaZagne.SM
McAfeeD ti!467E49F1F795
FireEye Generic.Application.Lazagne.E.AE9D6EFF
Sophos ATK/LaZagne-N
SentinelOne Static AI - Malicious PE
Webroot W32.HackTool.Gen
Google Detected
MAX malware (ai score=82)
Kingsoft Win32.Trojan-PSW.Stealer.cfwh
Microsoft HackTool:Win32/LaZagne
ZoneAlarm Trojan-PSW.Win32.Stealer.cfwh
GData Generic.Application.Lazagne.E.AE9D6EFF
Varist W64/ABApplication.BIGU-0156
AhnLab-V3 HackTool/Win.LaZagne.C5652206
DeepInstinct MALICIOUS
VBA32 TrojanPSW.Stealer
Malwarebytes Malware.AI.2681500992
Panda Trj/CI.A
Tencent Win32.Trojan-QQPass.QQRob.Anhl
huorong HackTool/Python.LaZagne.c
Fortinet Riskware/LaZagne
AVG Win64:Malware-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_60% (W)
alibabacloud Hacktool:Python/laZagne