Summary | ZeroBOX

66ec0e61998bf_setup30.exe

Tags: UPX, Malicious Library, OS Processor Check, PE32, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Sept. 20, 2024, 10:31 a.m.
Completed: Sept. 20, 2024, 10:34 a.m.
Size: 280.5KB
Type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 6171efb98ce36e0d0f9e6a416c15afb8
SHA256: aff8d33bae045722ffed6e567006c6be52cc55ad1fc79b78ea2f52d55156e30e
CRC32: 098BA09B
ssdeep: 6144:gFua96dWR7Q/RiefxoxewWpP0Yoh883sADH0pQDnnTpL5:VaIdWRcpZJoEwgfO3Yp+nTpL
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name / Response / Post-Analysis Lookup: No hosts contacted.

IP Address: 164.124.101.2
Status: Active
Action: Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .fuxi
section .jebirad
section .fekif
section .ferohi
API calls (Time & API / Arguments / Status / Return / Repeated)

NtProtectVirtualMemory

process_identifier: 840
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 180224
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02900000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtAllocateVirtualMemory

process_identifier: 840
region_size: 45056
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x003a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0
section .text: size_of_data 0x00037400, virtual_address 0x00001000, virtual_size 0x000373ea, entropy 7.859152665048961 (description: A section with a high entropy has been found)
entropy 0.790697674419 (description: Overall entropy of this PE file is high)

Bkav W32.AIDetectMalware
tehtris Generic.Malware
Cynet Malicious (score: 100)
CAT-QuickHeal Ransom.Stop.P5
Skyhigh BehavesLike.Win32.Generic.dc
McAfee Artemis!6171EFB98CE3
Cylance Unsafe
Sangfor Ransom.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (D)
K7GW Trojan ( 005579741 )
K7AntiVirus Trojan ( 00516fdf1 )
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/Kryptik.HXXG
APEX Malicious
Avast Win32:PWSX-gen [Trj]
ClamAV Win.Packer.pkr_ce1a-9980177-0
Rising Trojan.Kryptik@AI.90 (RDML:EWR2iS3GxoGXbNky7UZ9vQ)
McAfeeD Real Protect-LS!6171EFB98CE3
Trapmine malicious.moderate.ml.score
Sophos ML/PE-A
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.6171efb98ce36e0d
Google Detected
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Win32.Amadey.dd!n
Microsoft Trojan:Win32/Sabsik.TE.B!ml
Varist W32/Kryptik.MIZ.gen!Eldorado
VBA32 Trojan.Buzus
DeepInstinct MALICIOUS
Malwarebytes Malware.Heuristic.2114
Ikarus Trojan.Win32.Crypt
TrendMicro-HouseCall TROJ_GEN.R06CH07IJ24
Tencent Trojan.Win32.Obfuscated.gen
MaxSecure Trojan.Malware.300983.susgen
AVG Win32:PWSX-gen [Trj]
Paloalto generic.ml