Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 25, 2024, 10:43 a.m.	Sept. 25, 2024, 10:45 a.m.

Size	8.2MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`66c1d33fa2373f9f734336b87f123e31`
SHA256	`d517b2b6470277c859b9fe1d91008c5072f3c019c2ef8d0a45a0c6112aac6ace`
CRC32	`0BE354F9`
ssdeep	`196608:KEWBOnurErvI9pWjg/Qc+4o673pNrabebSEdyzWGPMYnN9sp:a0urEUWjZZ4dDLIeW7zWGPTNCp`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

Software.exe "C:\Users\test22\AppData\Local\Temp\Software.exe"
1932
- Software.exe "C:\Users\test22\AppData\Local\Temp\Software.exe"
  2172

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 25, 2024, 10:43 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 25, 2024, 10:43 a.m.		1	1	0

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Sept. 25, 2024, 10:44 a.m.	stacktrace: 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 0x7fef7c97ef8 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x7fef7c97ef8 registers.r14: 0 registers.r15: 196978 registers.rcx: 196978 registers.rsi: 1 registers.r10: 196978 registers.rbx: 0 registers.rsp: 3571688 registers.r11: 0 registers.r8: 1 registers.r9: 0 registers.rdx: 28 registers.r12: 0 registers.rbp: 9215120 registers.rdi: 0 registers.rax: 3571792 registers.r13: 28	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

Sept. 25, 2024, 10:44 a.m.

stacktrace:

0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8
0x7fef7c97ef8

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x7fef7c97ef8
registers.r14: 0
registers.r15: 196978
registers.rcx: 196978
registers.rsi: 1
registers.r10: 196978
registers.rbx: 0
registers.rsp: 3571688
registers.r11: 0
registers.r8: 1
registers.r9: 0
registers.rdx: 28
registers.r12: 0
registers.rbp: 9215120
registers.rdi: 0
registers.rax: 3571792
registers.r13: 28

Creates executable files on the filesystem (46 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-errorhandling-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-sysinfo-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-heap-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-file-l1-2-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-handle-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\libcrypto-3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-file-l2-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-runtime-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-process-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-file-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-util-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-heap-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-console-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-convert-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-namedpipe-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-environment-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-locale-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-localization-l1-2-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-interlocked-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-libraryloader-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-processenvironment-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-processthreads-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-profile-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-debug-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-synch-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-string-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-processthreads-l1-1-1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\python312.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-conio-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-stdio-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\ucrtbase.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\libffi-8.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\rar.exe
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-math-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-timezone-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-utility-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-time-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-rtlsupport-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-crt-filesystem-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-datetime-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-synch-l1-2-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\libssl-3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-string-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\sqlite3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI19322\api-ms-win-core-memory-l1-1-0.dll

File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.PyInstaller.l!c
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win64.Expiro.rc
ALYac	Gen:Variant.Lazy.552611
Cylance	Unsafe
VIPRE	Gen:Variant.Lazy.552611
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_60% (D)
BitDefender	Generic.Znyonm.B.46984ABB
K7GW	Trojan ( 005b7c721 )
K7AntiVirus	Trojan ( 005b7c721 )
Arcabit	Generic.Znyonm.B.DB788ABB
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/Packed.PyInstaller.O suspicious
APEX	Malicious
Avast	Win32:Agent-BDOJ [Trj]
Kaspersky	Trojan-Spy.Win32.Agent.dffz
Alibaba	Packed:Win32/PyInstaller.8e450e63
MicroWorld-eScan	Generic.Znyonm.B.46984ABB
Rising	Spyware.Agent/PYC!1.EA8F (CLASSIC)
Emsisoft	Generic.Znyonm.B.46984ABB (B)
F-Secure	Trojan.TR/Crypt.FKM.Gen
Zillya	Trojan.Agent.Win32.3991781
McAfeeD	ti!D517B2B64702
CTX	exe.trojan.pyinstaller
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
FireEye	Generic.Znyonm.B.46984ABB
Google	Detected
Avira	TR/Crypt.FKM.Gen
Kingsoft	Win32.Trojan-Spy.Agent.dffz
Gridinsoft	Malware.Win64.Gen.tr
ZoneAlarm	Trojan-Spy.Win32.Agent.dffz
GData	Generic.Znyonm.B.46984ABB
Varist	W64/Agent.IMI.gen!Eldorado
McAfee	Artemis!66C1D33FA237
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.4023972193
Ikarus	Trojan-Spy.Pyhton.Blank-C
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H07IH24
Tencent	Win32.Trojan.Agent.Vimw
huorong	TrojanSpy/Python.Stealer.d
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W64/PyInstaller.L!tr
AVG	Win32:Agent-BDOJ [Trj]
Paloalto	generic.ml

Software.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All