Summary | ZeroBOX

4.exe

Generic Malware Admin Tool (Sysinternals etc ...) PE32 PE File
Category FILE
Machine s1_win7_x6403_us
Started Oct. 13, 2024, 5:52 p.m.
Completed Oct. 13, 2024, 5:54 p.m.
Size 7.0MB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 49d7ba824b7249c26927e8a086eb879b
SHA256 a10386e4d53db8a045aedf7261adfbe05c0afd80a2550b7ad856cec3663cc66d
CRC32 C780A623
ssdeep 49152:3tjeRpHpc4WLvHplR6mNwZ5bj/pZx2m3v/Ps8Mow1dCSzbL7YI4chxGuevH3nUk4:3QHy4g78kw
Yara
  • Admin_Tool_IN_Zero - Admin Tool Sysinternals
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware

DNS
Name sevtvx17sb.top
IP Address 164.124.101.2
Status Active
Action Moloch

Suricata Alerts

Flow UDP 192.168.56.103:52760 -> 164.124.101.2:53
SID 2023883
Signature ET DNS Query to a *.top domain - Likely Hostile
Category Potentially Bad Traffic

Suricata TLS

No Suricata TLS

API GlobalMemoryStatusEx
Arguments (none)
Status 1
Return 1
Repeated 0

Domain sevtvx17sb.top
Description Generic top level domain TLD
API NtProtectVirtualMemory
Arguments
  process_identifier: 2060
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 204800
  protection: 32 (PAGE_EXECUTE_READ)
  base_address: 0x69cc1000
  process_handle: 0xffffffff
Status 1
Return 0
Repeated 0

Antivirus Results
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.CryptBot.4!c
Cynet Malicious (score: 99)
ALYac Trojan.GenericKDZ.108181
Cylance Unsafe
VIPRE Trojan.GenericKDZ.108181
Sangfor Trojan.Win32.Kryptik.V5at
CrowdStrike win/malicious_confidence_90% (D)
BitDefender Trojan.GenericKDZ.108181
Arcabit Trojan.Generic.D1A695
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/GenKryptik.HBZR
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win32/CryptBot.db9d2681
MicroWorld-eScan Trojan.GenericKDZ.108181
Rising Trojan.Kryptik!8.8 (TFE:5:25KWoxie6RB)
Emsisoft Trojan.GenericKDZ.108181 (B)
F-Secure Trojan.TR/Kryptik.nefer
McAfeeD ti!A10386E4D53D
CTX exe.trojan.kryptik
Sophos Mal/Generic-S
FireEye Trojan.GenericKDZ.108181
Google Detected
Avira TR/Kryptik.nefer
Antiy-AVL GrayWare/Win32.Wacapew
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Trojan.Win32.Kryptik.sa
Microsoft Trojan:Win32/CryptBot.AM!MTB
ViRobot Trojan.Win.Z.Agent.7328768.A
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.GenericKDZ.108181
Varist W32/ABTrojan.GEDZ-5959
AhnLab-V3 Infostealer/Win.CryptBot.C5677842
McAfee Artemis!49D7BA824B72
DeepInstinct MALICIOUS
Malwarebytes Trojan.MalPack
Ikarus Trojan-PSW.Agent
Panda Trj/GdSda.A
TrendMicro-HouseCall TROJ_GEN.R002H01JC24
Tencent Win32.Trojan.Genkryptik.Dflw
Fortinet W32/GenKryptik.HBZR!tr
AVG Win32:CrypterX-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan:Win/CryptBot.AZ8PHU