Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 20, 2024, 9:17 a.m.	Oct. 20, 2024, 9:52 a.m.

Size	7.9MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`487901443f9e51ad732b1cd856b03c69`
SHA256	`2de955cb5926261634ce51565e5cc9fd52ebccd9c3b7f8b5dd1db369cb1f9731`
CRC32	`24E63DD3`
ssdeep	`196608:JWCfUgRrs7TpVVuWJysVYvsOgtdIQLOMIdiwoEbPva8Mho:TfDRrG8WJvtaL/dNDvba`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

LicenseMalwareBytes.exe "C:\Users\test22\AppData\Local\Temp\LicenseMalwareBytes.exe"
652
- LicenseMalwareBytes.exe "C:\Users\test22\AppData\Local\Temp\LicenseMalwareBytes.exe"
  2064
  - cmd.exe C:\Windows\system32\cmd.exe /c gpupdate /force
    2552
    - gpupdate.exe gpupdate /force
      2600

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Oct. 20, 2024, 9:17 a.m.	buffer: +> Block Host successed. console_handle: 0x0000000000000007	1	1	0
WriteConsoleW Oct. 20, 2024, 9:17 a.m.	buffer: +> Serving HTTP Proxy on 0.0.0.0 port 9999 ... console_handle: 0x0000000000000007	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 20, 2024, 9:17 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 20, 2024, 9:17 a.m.	process_identifier: 2064 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002260000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0

Creates executable files on the filesystem (43 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-file-l2-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-sysinfo-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-string-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-timezone-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-file-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-datetime-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-rtlsupport-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-heap-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-processthreads-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-processenvironment-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-process-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-localization-l1-2-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-utility-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-synch-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-runtime-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-debug-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-locale-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\ucrtbase.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-file-l1-2-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-conio-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-errorhandling-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\python37.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-processthreads-l1-1-1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-namedpipe-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-environment-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-string-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-libraryloader-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-heap-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-synch-l1-2-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-time-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-interlocked-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-console-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-filesystem-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-memory-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-convert-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\libcrypto-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-profile-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-math-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-util-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-crt-stdio-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\api-ms-win-core-handle-l1-1-0.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI6522\libssl-1_1.dll

Creates a suspicious process (1 event)

cmdline

C:\Windows\system32\cmd.exe /c gpupdate /force

File has been identified by 42 AntiVirus engines on VirusTotal as malicious (42 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.HackAV.4!c
Skyhigh	BehavesLike.Win64.Dropper.wc
ALYac	Trojan.GenericKD.34172621
Cylance	Unsafe
VIPRE	Trojan.GenericKD.34172621
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.GenericKD.34172621
K7GW	Trojan ( 0056ab5e1 )
K7AntiVirus	Trojan ( 0056ab5e1 )
Arcabit	Trojan.Generic.D2096ECD
Symantec	Trojan.Gen.MBT
ESET-NOD32	Python/Riskware.HackAV.A
Avast	FileRepMalware [Misc]
Alibaba	Trojan:Win32/Ymacco.6fef930b
NANO-Antivirus	Riskware.Win64.HackAV.hnraxn
MicroWorld-eScan	Trojan.GenericKD.34172621
Emsisoft	Trojan.GenericKD.34172621 (B)
DrWeb	Trojan.Hosts.47404
TrendMicro	PUA.Win64.HackAV.AA
McAfeeD	ti!2DE955CB5926
CTX	exe.trojan.generic
Sophos	Mal/Generic-S
FireEye	Trojan.GenericKD.34172621
Google	Detected
Antiy-AVL	RiskWare/Win32.Kryptik.a
Kingsoft	Win32.Troj.Undef.a
Gridinsoft	Trojan.Win64.Gen.vb
Xcitium	Malware@#3vbvyvccf6u2k
Microsoft	Trojan:Win32/Ymacco.AB2D
GData	Trojan.GenericKD.34172621
Varist	W64/ABTrojan.MGCZ-6623
McAfee	Artemis!487901443F9E
DeepInstinct	MALICIOUS
VBA32	Trojan.Hosts
Malwarebytes	RiskWare.DontStealOurSoftware
TrendMicro-HouseCall	PUA.Win64.HackAV.AA
Yandex	Trojan.Igent.bXKB42.27
MaxSecure	Trojan.Malware.104220782.susgen
AVG	FileRepMalware [Misc]
Paloalto	generic.ml
alibabacloud	RiskWare:Python/HackAV.A

LicenseMalwareBytes.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All