Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Nov. 8, 2024, 4:56 p.m.	Nov. 8, 2024, 5:21 p.m.

Size	194.5KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`a44a69112351292c14e58a30ad3fa790`
SHA256	`e195bef31e5a7609f5e410339f4d7ebfcb9ee51e3f0a8076eacd68ebe9bbf951`
CRC32	`00039120`
ssdeep	`3072:g6G8kWB6+M4kyoMP8OqFnEEua6Td3zHZ0DELbT4Um+64W/:g6GHeBM6zP8jExa6V50DErY/`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

locker.exe "C:\Users\test22\AppData\Local\Temp\locker.exe"
1880

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Nov. 8, 2024, 4:49 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Nov. 8, 2024, 4:49 p.m.	computer_name: TEST22-PC	1	1	0

A process attempted to delay the analysis task. (1 event)

description

locker.exe tried to sleep 780 seconds, actually delayed analysis time by 0 seconds

Executes one or more WMI queries (1 event)

wmi	SELECT * FROM Win32_ShadowCopy

File has been identified by 51 AntiVirus engines on VirusTotal as malicious (50 out of 51 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Agent.Y!c
Cynet	Malicious (score: 100)
CAT-QuickHeal	TrojanRansom.Agent
Skyhigh	BehavesLike.Win64.NetLoader.ch
ALYac	Trojan.GenericKD.74635134
Cylance	Unsafe
VIPRE	Trojan.GenericKD.74635134
CrowdStrike	win/malicious_confidence_90% (D)
BitDefender	Trojan.GenericKD.74635134
K7GW	Trojan ( 005bce751 )
K7AntiVirus	Trojan ( 005bce751 )
Arcabit	Trojan.Generic.D472D77E
VirIT	Trojan.Win64.Agent.FZG
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/Filecoder.QF
APEX	Malicious
Avast	Win64:MalwareX-gen [Trj]
Kaspersky	HEUR:Trojan-Ransom.Win32.Agent.gen
Alibaba	Trojan:Win64/Filecoder.2194c8e5
MicroWorld-eScan	Trojan.GenericKD.74635134
Rising	Ransom.Agent!8.6B7 (CLOUD)
Emsisoft	Trojan.GenericKD.74635134 (B)
F-Secure	Trojan.TR/AD.Nekark.fxmbb
DrWeb	Trojan.Encoder.41221
McAfeeD	ti!E195BEF31E5A
CTX	exe.trojan.generic
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.a44a69112351292c
Google	Detected
Avira	TR/AD.Nekark.fxmbb
Antiy-AVL	Trojan[Ransom]/Win32.Dcrypt.a
Kingsoft	Win32.Trojan-Ransom.Agent.gen
Gridinsoft	Trojan.Win64.Agent.sa
Xcitium	Malware@#3ftdywqvz7jio
Microsoft	Trojan:Win32/GandCrab
ZoneAlarm	HEUR:Trojan-Ransom.Win32.Agent.gen
GData	Trojan.GenericKD.74635134
Varist	W64/ABRansom.EGGG-4478
AhnLab-V3	Ransomware/Win.Generic.C5690458
McAfee	Artemis!A44A69112351
DeepInstinct	MALICIOUS
Malwarebytes	Ransom.FileCryptor
Ikarus	Trojan-Ransom.FileCrypter
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H09K524
Fortinet	PossibleThreat.MPH.H
AVG	Win64:MalwareX-gen [Trj]

locker.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All