Summary | ZeroBOX

loader.bin

Generic Malware, Malicious Library, UPX, Malicious Packer, PE64, PE File, DLL, OS Processor Check
Category FILE
Machine s1_win7_x6401
Started Oct. 16, 2024, 11 a.m.
Completed Oct. 16, 2024, 11:34 a.m.
Size 245.5KB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 079caee72a8dac67029b96992050be5b
SHA256 e7548ff8c5dac69f9e13dbf0384708490c1482e6f84603f59d8194d78504ec51
CRC32 3D6BEDF5
ssdeep 3072:rEeUvKgWThGS+h5EtoJNEQE+bousFGTEgo+EX9MKWEGTEgo+Em9MKWIt:YevTQSKCtoJqQE5NFHgoHTWEHgo2TW+
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
104.21.67.152 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

host 104.21.67.152
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Redcap.4!c
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.PUP.dm
ALYac Gen:Variant.Lazy.604083
Cylance Unsafe
VIPRE Gen:Variant.Lazy.604083
Sangfor Trojan.Win32.Lazy.Vnmd
CrowdStrike win/malicious_confidence_90% (D)
BitDefender Gen:Variant.Lazy.604083
K7GW Riskware ( 00584baa1 )
K7AntiVirus Riskware ( 00584baa1 )
Arcabit Trojan.Lazy.D937B3
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba TrojanDownloader:Win32/Redcap.e6cc7e01
MicroWorld-eScan Gen:Variant.Lazy.604083
Rising Trojan.Generic!8.C3 (TFE:5:QWGKLDjTyfV)
Emsisoft Gen:Variant.Lazy.604083 (B)
F-Secure Trojan.TR/Redcap.otcpx
McAfeeD ti!E7548FF8C5DA
Trapmine malicious.high.ml.score
CTX dll.trojan.generic
Sophos Harmony Loader (PUA)
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.079caee72a8dac67
Jiangmin Trojan.Generic.htciv
Avira TR/Redcap.otcpx
Antiy-AVL Trojan/Win32.Agent
Kingsoft malware.kb.a.1000
Gridinsoft Trojan.Win64.Agent.sa
Microsoft Trojan:Win32/Wacatac.B!ml
ZoneAlarm HEUR:Trojan-Downloader.Win64.Agent.c
GData Gen:Variant.Lazy.604083
Varist W64/ABApplication.FAXW-8619
AhnLab-V3 Trojan/Win.Inject.R672501
McAfee Artemis!079CAEE72A8D
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.798652179
Panda Trj/GdSda.A
Tencent Win64.Trojan-Downloader.Agent.Tsmw
Fortinet W32/PossibleThreat
AVG Win32:MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan[downloader]:Win/Wacapew.C9nj