Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Sept. 30, 2024, 9:30 a.m.	Sept. 30, 2024, 9:36 a.m.

Size	1.4MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`2e440604cac15e233d3832e00251592e`
SHA256	`7e57e8caddb50f98bd8b3f17fb9fd21372cc32b0147d5e3853f043745e204a41`
CRC32	`E601175B`
ssdeep	`24576:hUNxvqF6FGYJf6yjNQpNONZNlTX5PlGPgquLEIWxUc7N11QaSYx7GqOsWH6UbAh:hUNxvC6FGYJf6yjNQpNONZnTX5PlGPgG`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file

tstory.exe "C:\Users\test22\AppData\Local\Temp\tstory.exe"
2436

Name	Response	Post-Analysis Lookup
weather.yahooapis.com

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (45 events)

Time & API	Arguments	Status	Return
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:31 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:32 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 30, 2024, 9:33 a.m.	computer_name: TEST22-PC	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 30, 2024, 9:31 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	text
section	data

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (22 events)

Time & API	Arguments	Status	Return
GetDiskFreeSpaceExW Sept. 30, 2024, 9:31 a.m.	total_number_of_free_bytes: 9935290368 free_bytes_available: 9935290368 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:31 a.m.	total_number_of_free_bytes: 9935290368 free_bytes_available: 9935290368 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:31 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:31 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:31 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:31 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:31 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:31 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:32 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:32 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:32 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:32 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:32 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:32 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:32 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:32 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:32 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:32 a.m.	total_number_of_free_bytes: 9935364096 free_bytes_available: 9935364096 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:32 a.m.	total_number_of_free_bytes: 9935298560 free_bytes_available: 9935298560 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:32 a.m.	total_number_of_free_bytes: 9935298560 free_bytes_available: 9935298560 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:33 a.m.	total_number_of_free_bytes: 9935298560 free_bytes_available: 9935298560 root_path: C:\ total_number_of_bytes: 34252779520	1	1
GetDiskFreeSpaceExW Sept. 30, 2024, 9:33 a.m.	total_number_of_free_bytes: 9935298560 free_bytes_available: 9935298560 root_path: C:\ total_number_of_bytes: 34252779520	1	1

Executes one or more WMI queries (1 event)

wmi	SELECT * FROM Win32_Process

File has been identified by 6 AntiVirus engines on VirusTotal as malicious (6 events)

Bkav	W64.AIDetectMalware
VirIT	Trojan.Win64.Agent.GZO
Zillya	Trojan.Crysan.Win64.10
Jiangmin	Trojan.Diztakun.ewn
Google	Detected
Ikarus	Win32.Outbreak

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Sept. 30, 2024, 9:31 a.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

Installs an hook procedure to monitor for mouse events (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExW Sept. 30, 2024, 9:31 a.m.	thread_identifier: 0 callback_function: 0x0000000140006b60 hook_identifier: 14 (WH_MOUSE_LL) module_address: 0x0000000140000000	1	1179999	0

tstory.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All