Summary | ZeroBOX

浙江迪艾智控科技股份有限公司-薪资表.exe (file name as submitted, percent-encoded: %E6%B5%99%E6%B1%9F%E8%BF%AA%E8%89%BE%E6%99%BA%E6%8E%A7%E7%A7%91%E6%8A%80%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8-%E8%96%AA%E8%B5%84%E8%A1%A8.exe)

Tags: Generic Malware, Malicious Library, ASPack, UPX, PE File, OS Processor Check, PE32
Category: FILE
Machine: s1_win7_x6401
Started: Sept. 13, 2024, 9:23 a.m.
Completed: Sept. 13, 2024, 9:37 a.m.
Size: 2.8MB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: cf14880e3a7fba74c80f21685cd15718
SHA256: a33f295649eea0542da21ed408566d07f7c3729c058ff07580326d0a9956aa75
CRC32: 133A0752
ssdeep: 49152:VstPILbiw+k7U5kl/qLigcrOJEYkB7OJv6073bIVmRTqRLDIPHo:VwgLGwjI5klUigKYkBEvHPIoRQDI
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • ASPack_Zero - ASPack packed file
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP Address (Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

GlobalMemoryStatusEx: Status 1, Return 1, Repeated 0
Exceptions (Time & API / Arguments / Status / Return / Repeated)

__exception__
stacktrace:
LdrResFindResourceDirectory+0x606 RtlEncodeSystemPointer-0x3d ntdll+0x3e01b @ 0x76f4e01b
LdrLoadDll+0x2f5 _strcmpi-0x8a ntdll+0x3c72f @ 0x76f4c72f
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x76f4c389
RtlFlsAlloc+0x993 EtwNotificationRegister-0x13c ntdll+0x3f3f6 @ 0x76f4f3f6
RtlEncodeSystemPointer+0x33d RtlFindClearBits-0x454 ntdll+0x3e395 @ 0x76f4e395
RtlSetBits+0x115 RtlFlsAlloc-0x5e ntdll+0x3ea05 @ 0x76f4ea05
RtlSetBits+0x162 RtlFlsAlloc-0x11 ntdll+0x3ea52 @ 0x76f4ea52
RtlSetBits+0x5d RtlFlsAlloc-0x116 ntdll+0x3e94d @ 0x76f4e94d
RtlInitializeSid+0x35 RtlEncodePointer-0x3c ntdll+0x40f8f @ 0x76f50f8f
RtlSetBits+0xea RtlFlsAlloc-0x89 ntdll+0x3e9da @ 0x76f4e9da
RtlSetBits+0x162 RtlFlsAlloc-0x11 ntdll+0x3ea52 @ 0x76f4ea52
RtlSetBits+0x5d RtlFlsAlloc-0x116 ntdll+0x3e94d @ 0x76f4e94d
LdrResSearchResource+0x943 LdrResFindResourceDirectory-0x376 ntdll+0x3d69f @ 0x76f4d69f
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x76f4c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x7354d4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75981d2a
%e6%b5%99%e6%b1%9f%e8%bf%aa%e8%89%be%e6%99%ba%e6%8e%a7%e7%a7%91%e6%8a%80%e8%82%a1%e4%bb%bd%e6%9c%89%e9%99%90%e5%85%ac%e5%8f%b8-%e8%96%aa%e8%b5%84%e8%a1%a8+0x6aaf @ 0xeb6aaf

exception.instruction_r: 83 38 48 0f 82 39 ff 01 00 8b 48 40 85 c9 0f 84
exception.symbol: LdrResFindResourceDirectory+0x9f RtlEncodeSystemPointer-0x5a4 ntdll+0x3dab4
exception.instruction: cmp dword ptr [eax], 0x48
exception.module: ntdll.dll
exception.exception_code: 0xc0000006
exception.offset: 252596
exception.address: 0x76f4dab4
registers.esp: 4751588
registers.edi: 1
registers.eax: 268468152
registers.ebp: 4751592
registers.edx: 268468152
registers.ebx: 268435456
registers.esi: 1996562944
registers.ecx: 64
Status 1, Return 0, Repeated 0
file C:\Users\test22\AppData\Local\Temp\_MEI25362\python37.dll
file C:\Users\test22\AppData\Local\Temp\_MEI25362\VCRUNTIME140.dll
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.4!c
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win32.Generic.vc
ALYac Trojan.GenericKD.74052383
Cylance Unsafe
VIPRE Trojan.GenericKD.74052383
Sangfor Trojan.Win32.Agent.uyyg
BitDefender Trojan.GenericKD.74052383
Arcabit Trojan.Generic.D469F31F
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:Malware-gen
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:Any/Generic.a
MicroWorld-eScan Trojan.GenericKD.74052383
Emsisoft Trojan.GenericKD.74052383 (B)
F-Secure Trojan.TR/AD.Swrort.dsesg
TrendMicro Backdoor.Win32.COBEACON.YXEHMZ
McAfeeD ti!A33F295649EE
CTX exe.trojan.generic
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
FireEye Generic.mg.cf14880e3a7fba74
Jiangmin TrojanSpy.Python.ao
Avira TR/AD.Swrort.dsesg
Kingsoft Win32.Trojan.Generic.a
Microsoft Trojan:Win32/Meterpreter
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Trojan.GenericKD.74052383
Varist W32/ABTrojan.LPVN-4673
McAfee Artemis!CF14880E3A7F
DeepInstinct MALICIOUS
Malwarebytes MachineLearning/Anomalous.100%
Panda Trj/Chgt.AD
TrendMicro-HouseCall Backdoor.Win32.COBEACON.YXEHMZ
Tencent Win32.Trojan.Generic.Fflw
huorong Trojan/Generic!56E7858764E43640
MaxSecure Trojan.Malware.7164915.susgen
Fortinet PossibleThreat.MU
AVG Win32:Malware-gen
Paloalto generic.ml
CrowdStrike win/malicious_confidence_90% (W)
alibabacloud Backdoor:Multi/ShellcodeLoader