Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 21, 2024, 2:30 p.m.	Oct. 21, 2024, 2:46 p.m.

Size	171.8KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`c32e01ebaec0c994672b56bfa5410962`
SHA256	`9502bccba5c8855d2b4e95197624d31a67d8f52e01b8957bdddb1f9d612a3faf`
CRC32	`2F5BF77E`
ssdeep	`3072:p/eb5wQUp+tZWiO2Gg7EZ8StYmijRAaCeu9CMRM:8uQUp+tZWiO2G4VStpijmM`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\scbronkz09.dll,Joking
1720
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\scbronkz09.dll,Joking
  2300
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\scbronkz09.dll,NextHook
2152
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\scbronkz09.dll,NextHook
  2344
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\scbronkz09.dll,
2240

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

section

_RDATA

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 21, 2024, 2:30 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 8791595614208 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 5197193846832247020 registers.rbx: 1 registers.rsp: 1173752 registers.r11: 30277632 registers.r8: 1174160 registers.r9: 0 registers.rdx: 0 registers.r12: 8791595651296 registers.rbp: 1176472 registers.rdi: 1174150 registers.rax: 1174064 registers.r13: 0	1	0	0
__exception__ Oct. 21, 2024, 2:30 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 8791595614208 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 5197193846832247020 registers.rbx: 1 registers.rsp: 1634152 registers.r11: 29229056 registers.r8: 1634560 registers.r9: 0 registers.rdx: 0 registers.r12: 8791595651296 registers.rbp: 1636872 registers.rdi: 1634550 registers.rax: 1634464 registers.r13: 0	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 21, 2024, 2:30 p.m.	process_identifier: 2300 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001ce0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0
NtAllocateVirtualMemory Oct. 21, 2024, 2:30 p.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001be0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Cynet	Malicious (score: 99)
CAT-QuickHeal	Trojan.Ulise
Skyhigh	Artemis!Trojan
ALYac	Gen:Variant.Ulise.490953
Cylance	Unsafe
VIPRE	Gen:Variant.Ulise.490953
CrowdStrike	win/malicious_confidence_60% (D)
BitDefender	Gen:Variant.Ulise.490953
K7GW	Trojan ( 005957391 )
K7AntiVirus	Trojan ( 005957391 )
Arcabit	Trojan.Ulise.D77DC9
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/Agent.EQD
Avast	Win64:TrojanX-gen [Trj]
ClamAV	Win.Trojan.Generic-10034943-0
Alibaba	Trojan:Win64/Generic.a620d44b
MicroWorld-eScan	Gen:Variant.Ulise.490953
Rising	Trojan.Agent!8.B1E (CLOUD)
Emsisoft	Gen:Variant.Ulise.490953 (B)
F-Secure	Trojan.TR/Agent.zhdld
Zillya	Trojan.GenCBL.Win32.18135
McAfeeD	ti!9502BCCBA5C8
CTX	dll.trojan.ulise
Sophos	Mal/Generic-S
FireEye	Gen:Variant.Ulise.490953
Google	Detected
Avira	TR/Agent.zhdld
Antiy-AVL	GrayWare/Win32.Wacapew
Microsoft	Trojan:Win32/Phonzy.A!ml
GData	Gen:Variant.Ulise.490953
DeepInstinct	MALICIOUS
Ikarus	Trojan.Win32.Generic
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H09IU24
Tencent	Malware.Win32.Gencirc.10c05934
MaxSecure	Trojan.Malware.273980833.susgen
Fortinet	W32/PossibleThreat
AVG	Win64:TrojanX-gen [Trj]
Paloalto	generic.ml
alibabacloud	Trojan:Win/Ulise.Gen

scbronkz09.dll