Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 20, 2024, 9:07 a.m.	Oct. 20, 2024, 9:10 a.m.

Size	145.0KB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`f8576551ec4ffc9392d4c9af9f79423f`
SHA256	`308af6a404d8a91387ddab482a38fdf266e5f903d0e7ff4cac59ebc137ec288c`
CRC32	`0EDC712A`
ssdeep	`3072:bb0uqERCaHZvuig/z5FI2UVnt3s/0OctXldEa:rqERCaHZWrQNnt3GWea`
PDB Path	C:\Users\MALDEV01\Desktop\Evasion\code_test\CVE-2024-35250\x64\Release\CVE-2024-35250.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

CVE-2024-35250.exe "C:\Users\test22\AppData\Local\Temp\CVE-2024-35250.exe"
1000

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

pdb_path

C:\Users\MALDEV01\Desktop\Evasion\code_test\CVE-2024-35250\x64\Release\CVE-2024-35250.pdb

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 20, 2024, 8:59 a.m.		1	1	0

section

_RDATA

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 20, 2024, 8:59 a.m.	stacktrace: RtlAllocateHeap+0x1528 AlpcGetMessageAttribute-0x138 ntdll+0x548c8 @ 0x777148c8 RtlAllocateHeap+0xd9d AlpcGetMessageAttribute-0x8c3 ntdll+0x5413d @ 0x7771413d HeapFree+0xa BaseSetLastNTError-0x16 kernel32+0x2307a @ 0x76fe307a cve-2024-35250+0x1145 @ 0x13f491145 cve-2024-35250+0x13c0 @ 0x13f4913c0 cve-2024-35250+0x18d0 @ 0x13f4918d0 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f0 0f ba 71 08 00 0f 83 20 e2 fc ff 48 8b 40 48 exception.symbol: RtlAllocateHeap+0x1528 AlpcGetMessageAttribute-0x138 ntdll+0x548c8 exception.instruction: btr dword ptr [rcx + 8], 0 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 346312 exception.address: 0x777148c8 registers.r14: 0 registers.r15: 0 registers.rcx: -8410428167880619928 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2620976 registers.r11: 514 registers.r8: 2982336 registers.r9: 2982352 registers.rdx: 1879915906 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 8796092882944 registers.r13: 0	1	0	0

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Cynet	Malicious (score: 100)
ALYac	Trojan.GenericKD.74330892
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_70% (D)
BitDefender	Trojan.GenericKD.74330892
Arcabit	Trojan.Generic.D46E330C
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Exploit.Generic
APEX	Malicious
Alibaba	Exploit:Application/CVE-2022-21882.8204c58b
MicroWorld-eScan	Trojan.GenericKD.74330892
Emsisoft	Trojan.GenericKD.74330892 (B)
McAfeeD	ti!308AF6A404D8
CTX	exe.trojan.generic
SentinelOne	Static AI - Suspicious PE
FireEye	Trojan.GenericKD.74330892
Google	Detected
Antiy-AVL	GrayWare/Win32.Wacapew
Microsoft	Program:Win32/Wacapew.C!ml
GData	Trojan.GenericKD.74330892
Varist	W64/ABApplication.MSTJ-1165
AhnLab-V3	Trojan/Win.Generic.C5683953
McAfee	Artemis!F8576551EC4F
DeepInstinct	MALICIOUS
Malwarebytes	Generic.Malware/Suspicious
Ikarus	Exploit.CVE-2022-21882
Panda	Trj/Chgt.AD
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/PossibleThreat
Paloalto	generic.ml

CVE-2024-35250.exe