Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 21, 2024, 5:03 p.m.	Oct. 21, 2024, 5:11 p.m.

Size	171.8KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`ccf473cc10b909c51907438f45273063`
SHA256	`baf8cfd9f1c7567743139665605c51e15011e562f3ffdfe5dece89f6c3f68de1`
CRC32	`16A8D0EF`
ssdeep	`3072:xneb5wQUp+tZWiO2Gg7EZ8StYmijRAaCeu9CMR1:MuQUp+tZWiO2G4VStpijm1`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\scbronkz.dll,Joking
1820
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\scbronkz.dll,Joking
  2168
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\scbronkz.dll,
2100
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\scbronkz.dll,NextHook
884
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\scbronkz.dll,NextHook
  2208

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

section

_RDATA

Time & API	Arguments	Status	Return	Repeated
__exception__ Oct. 21, 2024, 4:55 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 8791595810816 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 5197193846832247020 registers.rbx: 1 registers.rsp: 2747080 registers.r11: 32899072 registers.r8: 2747488 registers.r9: 0 registers.rdx: 0 registers.r12: 8791595847904 registers.rbp: 2749800 registers.rdi: 2747478 registers.rax: 2747392 registers.r13: 0	1	0	0
__exception__ Oct. 21, 2024, 4:55 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 8791595810816 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 5197193846832247020 registers.rbx: 1 registers.rsp: 2222616 registers.r11: 2883584 registers.r8: 2223024 registers.r9: 0 registers.rdx: 0 registers.r12: 8791595847904 registers.rbp: 2225336 registers.rdi: 2223014 registers.rax: 2222928 registers.r13: 0	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Oct. 21, 2024, 4:55 p.m.	process_identifier: 2168 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001f60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0
NtAllocateVirtualMemory Oct. 21, 2024, 4:55 p.m.	process_identifier: 2208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000002c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Cynet	Malicious (score: 99)
ALYac	Gen:Variant.Ulise.490953
Cylance	Unsafe
VIPRE	Gen:Variant.Ulise.490953
CrowdStrike	win/malicious_confidence_60% (D)
BitDefender	Gen:Variant.Ulise.490953
K7GW	Trojan ( 005bb4921 )
K7AntiVirus	Trojan ( 005bb4921 )
Arcabit	Trojan.Ulise.D77DC9
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win64/Agent.EQD
Avast	Win64:TrojanX-gen [Trj]
ClamAV	Win.Trojan.Generic-10034943-0
Kaspersky	UDS:DangerousObject.Multi.Generic
MicroWorld-eScan	Gen:Variant.Ulise.490953
Rising	Trojan.Agent!8.B1E (CLOUD)
Emsisoft	Gen:Variant.Ulise.490953 (B)
F-Secure	Trojan.TR/Agent.zhdld
Zillya	Trojan.GenCBL.Win32.17662
McAfeeD	ti!BAF8CFD9F1C7
CTX	dll.trojan.ulise
FireEye	Gen:Variant.Ulise.490953
Google	Detected
Avira	TR/Agent.zhdld
Antiy-AVL	GrayWare/Win32.Wacapew
Kingsoft	Win32.Troj.Unknown.a
Microsoft	Trojan:Win32/Phonzy.A!ml
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Variant.Ulise.490953
McAfee	Artemis!CCF473CC10B9
DeepInstinct	MALICIOUS
Ikarus	Trojan.Win32.Generic
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H07I924
Tencent	Malware.Win32.Gencirc.141c379d
MaxSecure	Trojan.Malware.1728101.susgen
Fortinet	W32/PossibleThreat
AVG	Win64:TrojanX-gen [Trj]
Paloalto	generic.ml
alibabacloud	Trojan:Win/Ulise.Gen

scbronkz.dll