Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 30, 2025, 7:05 p.m.	Jan. 30, 2025, 7:07 p.m.

Size	6.9MB
Type	PE32+ executable (console) x86-64, for MS Windows
MD5	`fe48e72387af610e81ff09d03e696d99`
SHA256	`88c7ed220f4ed3735f620e36cbf15f6b1cc5a25f42fc89c4472ba6e75954aa31`
CRC32	`47EE2553`
ssdeep	`196608:7bB83kdaXMCHGLLc54i1wN+DrRRu7NtbFRKnZMZDYhmh1wlxN8:x/cXMCHWUj7rRQ7XbFsn6ZUEWN`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

1.exe "C:\Users\test22\AppData\Local\Temp\1.exe"
2552
- 1.exe "C:\Users\test22\AppData\Local\Temp\1.exe"
  2716

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 30, 2025, 7:05 p.m.			0	0

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Jan. 30, 2025, 7:05 p.m.		1	1	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Jan. 30, 2025, 7:05 p.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1	0	0

file	C:\Users\test22\AppData\Local\Temp\_MEI25522\python313.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25522\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI25522\libcrypto-3.dll

section

{u'size_of_data': u'0x0000f000', u'virtual_address': u'0x00049000', u'entropy': 7.350146232003548, u'name': u'.rsrc', u'virtual_size': u'0x0000ef8c'}

entropy

7.350146232

description

A section with a high entropy has been found

1.exe