Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 30, 2024, 9:46 a.m.	Oct. 30, 2024, 9:50 a.m.

Size	1.5MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d782071609e332aa2c8caa1778d76431`
SHA256	`b003817debf3e7e8bf5c773628cc0072bcf84a5c726e8a1743e2a5a99424074a`
CRC32	`EDB05D8D`
ssdeep	`24576:O1kdoDrvYM8Rti01lzEQi7NrTYKC7Jn/uso7sxPkRlcnBvzV2mIGfpd+nUleGhVu:KkdoXYM8RSxNrT91so7sxPkRqNT7fvV`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Obsidium_Zero - Obsidium protector file IsPE32 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

mm.exe "C:\Users\test22\AppData\Local\Temp\mm.exe"
1188

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable uses a known packer (1 event)

packer

Armadillo v1.71

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

EXE

Foreign language identified in PE resource (2 events)

name

EXE

language

LANG_CHINESE

filetype

ASCII text

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00178730

size

0x00000944

name

EXE

language

LANG_CHINESE

filetype

ASCII text

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00178730

size

0x00000944

Creates executable files on the filesystem (1 event)

file	C:\ProgramData\LockApp.exe

Creates hidden or system file (3 events)

Time & API	Arguments	Status	Return
SetFileAttributesW Oct. 30, 2024, 9:46 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\ProgramData\\new filepath: C:\ProgramData\new	1	1
SetFileAttributesW Oct. 30, 2024, 9:46 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\ProgramData\\LockApp.exe filepath: C:\ProgramData\LockApp.exe	1	1
SetFileAttributesW Oct. 30, 2024, 9:47 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\ProgramData\\LockApp.exe filepath: C:\ProgramData\LockApp.exe	1	1

File has been identified by 50 AntiVirus engines on VirusTotal as malicious (50 events)

Bkav	W32.FamVT.EqtoneGQ.Trojan
Lionic	Riskware.Win32.BitMiner.1!c
Elastic	malicious (high confidence)
McAfee	Artemis!D782071609E3
ALYac	DeepScan:Generic.Dacic.1.BitCoinMiner.A.31756806
Cylance	unsafe
VIPRE	DeepScan:Generic.Dacic.1.BitCoinMiner.A.31756806
Sangfor	Suspicious.Win32.Save.ins
K7AntiVirus	Adware ( 005577161 )
BitDefender	DeepScan:Generic.Dacic.1.BitCoinMiner.A.31756806
K7GW	Adware ( 005577161 )
Cybereason	malicious.28ca3d
Arcabit	DeepScan:Generic.Dacic.1.BitCoinMiner.A.31756806
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/CoinMiner.PQ potentially unwanted
APEX	Malicious
Avast	Win64:Malware-gen
ClamAV	Win.Coinminer.Generic-7151250-0
Kaspersky	Trojan.Win64.Miner.ajmz
Alibaba	Trojan:Win64/Miner.23592da6
NANO-Antivirus	Trojan.Win32.CoinMiner.hmsukf
MicroWorld-eScan	DeepScan:Generic.Dacic.1.BitCoinMiner.A.31756806
Rising	HackTool.XMRMiner!1.C2EC (CLASSIC)
Emsisoft	DeepScan:Generic.Dacic.1.BitCoinMiner.A.31756806 (B)
Zillya	Trojan.Miner.Win32.10128
TrendMicro	TROJ_GEN.R002C0WI423
McAfee-GW-Edition	BehavesLike.Win32.Infected.th
FireEye	Generic.mg.d782071609e332aa
Sophos	Generic Reputation PUA (PUA)
Ikarus	PUA.CoinMiner
Jiangmin	Trojan.Miner.lsd
Webroot	W32.Malware.Gen
MAX	malware (ai score=83)
Antiy-AVL	Trojan/Win64.Miner
Gridinsoft	Risk.CoinMiner.C.sd!yf
Xcitium	Malware@#1zy989m8u7xhz
ZoneAlarm	Trojan.Win64.Miner.ajmz
GData	DeepScan:Generic.Dacic.1.BitCoinMiner.A.31756806
Google	Detected
DeepInstinct	MALICIOUS
VBA32	Trojan.Miner
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002H0CI423
Tencent	RiskTool.Win64.BitMiner.ha
Yandex	Riskware.Agent!7ORE5vM8QpY
MaxSecure	Trojan.Malware.102355858.susgen
Fortinet	Riskware/BitMiner
AVG	Win64:Malware-gen
CrowdStrike	win/malicious_confidence_60% (W)

mm.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All