Summary | ZeroBOX

Rage.exe

Generic Malware, Malicious Library, UPX, PE File, OS Processor Check, PE32
Category FILE
Machine s1_win7_x6403_us
Started Aug. 9, 2024, 4:12 p.m.
Completed Aug. 9, 2024, 4:14 p.m.
Size 1.3MB
Type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 ca817109712a3e97bf8026cdc810743d
SHA256 6badd865383f71c6d26322fcf3b6b94a5a511981fcb04c8452ff20c8528e0059
CRC32 30E67FE8
ssdeep 24576:/cHSfhDMKnkUTgZGLvbPKqCRrLA3FcFfhk1Llhyblaf2iivi3a4c49yYPp:iSZYjUaQvbJQgFcoplMBu2/vvj4cep
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
section .ndata
file C:\ProgramData\435687634234262.exe
file C:\ProgramData\wvtynvwe\AutoIt3.exe
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Scrop.b!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.GuLoader.tc
McAfee Artemis!CA817109712A
Cylance Unsafe
Sangfor Trojan.Win32.Agent.Vb2v
K7AntiVirus Riskware ( 00584baa1 )
BitDefender Trojan.Generic.36690163
K7GW Riskware ( 00584baa1 )
Symantec Trojan.Gen.MBT
tehtris Generic.Malware
APEX Malicious
Avast NSIS:MalwareX-gen [Trj]
ClamAV Win.Dropper.Detected-10023879-0
Kaspersky VHO:Trojan-Dropper.Win32.Scrop.gen
MicroWorld-eScan Trojan.Generic.36690163
Emsisoft Trojan.Generic.36690163 (B)
F-Secure Heuristic.HEUR/AGEN.1338067
DrWeb Trojan.Inject5.5985
TrendMicro Trojan.Win32.PRIVATELOADER.YXEHFZ
McAfeeD ti!6BADD865383F
FireEye Generic.mg.ca817109712a3e97
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Google Detected
Avira HEUR/AGEN.1338067
MAX malware (ai score=84)
Kingsoft malware.kb.a.999
Gridinsoft Ransom.Win32.Sabsik.sa
ZoneAlarm VHO:Trojan-Dropper.Win32.Scrop.gen
GData Win32.Trojan.Agent.UKY4MX
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.4278520903
TrendMicro-HouseCall Trojan.Win32.PRIVATELOADER.YXEHFZ
MaxSecure Trojan.Malware.73742979.susgen
AVG NSIS:MalwareX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_70% (D)