Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 7, 2025, 9:40 a.m.	March 7, 2025, 9:43 a.m.

Size	32.9MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`4f7273dca13701d402588b2c2aeafd1b`
SHA256	`516239cfceabc2bec4b06fc3cd6b2ef2d439523cefcac9765cb777333fbb0010`
CRC32	`ED6137FE`
ssdeep	`786432:azsZVl8ZPJjNP9nP6SDNDESWqEp+0/pWY8o7ChlYk:avP5rJD6qrSP8o0lYk`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

pronoti.exe "C:\Users\test22\AppData\Local\Temp\pronoti.exe"
2060
- pronoti.exe "C:\Users\test22\AppData\Local\Temp\pronoti.exe"
  2560

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 7, 2025, 9:34 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 7, 2025, 9:33 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.fptable

Creates executable files on the filesystem (13 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI20602\numpy.libs\msvcp140-263139962577ecda4cd9469ca360a746.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pywin32_system32\pythoncom311.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\python311.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\libssl-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\libcrypto-1_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\python3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\libffi-8.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\VCRUNTIME140_1.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\sqlite3.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\Pythonwin\mfc140u.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\numpy.libs\libscipy_openblas64_-43e11ff0749b8cbe0a615c9cf6737e0e.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pywin32_system32\pywintypes311.dll

Deletes a large number of files from the system indicative of ransomware, wiper malware or system destruction (50 out of 735 events)

file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\sl\LC_MESSAGES\iso4217.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\Pythonwin\win32ui.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\km\LC_MESSAGES\iso4217.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\mn\LC_MESSAGES\iso3166-1.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\ay\LC_MESSAGES\iso3166-1.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\VCRUNTIME140.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\libffi-8.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\fr\LC_MESSAGES\iso4217.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\tt\LC_MESSAGES\iso639-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\hu\LC_MESSAGES\iso3166-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\nb_NO\LC_MESSAGES\iso3166-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\km\LC_MESSAGES\iso3166-2.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\th\LC_MESSAGES\iso4217.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\Cryptodome\Cipher\_raw_arc2.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\Cryptodome\Cipher\_raw_cbc.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\el\LC_MESSAGES\iso3166-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\sr\LC_MESSAGES\iso3166-2.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\nn\LC_MESSAGES\iso15924.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\kmr\LC_MESSAGES\iso639-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\nb_NO\LC_MESSAGES\iso3166-1.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pywin32_system32\pywintypes311.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\ee\LC_MESSAGES\iso3166-1.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\crh\LC_MESSAGES\iso3166-1.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\af\LC_MESSAGES\iso3166-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\th\LC_MESSAGES\iso3166-1.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\es\LC_MESSAGES\iso3166-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\tig\LC_MESSAGES\iso3166-1.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\cy\LC_MESSAGES\iso639-5.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\mk\LC_MESSAGES\iso639-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\fa\LC_MESSAGES\iso639-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\nn\LC_MESSAGES\iso639-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\py.typed
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\hu\LC_MESSAGES\iso639-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\br\LC_MESSAGES\iso639-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\lo\LC_MESSAGES\iso3166-1.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\sq\LC_MESSAGES\iso639-5.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\numpy-2.2.3.dist-info\entry_points.txt
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\mr\LC_MESSAGES\iso3166-1.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\mk\LC_MESSAGES\iso3166-1.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\vi\LC_MESSAGES\iso15924.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\Pythonwin\mfc140u.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\de\LC_MESSAGES\iso639-3.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\br\LC_MESSAGES\iso3166-1.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\fa\LC_MESSAGES\iso15924.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\Cryptodome\Cipher\_raw_des3.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pywin32_system32\pythoncom311.dll
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\Cryptodome\Cipher\_raw_ofb.pyd
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\sk\LC_MESSAGES\iso15924.mo
file	C:\Users\test22\AppData\Local\Temp\_MEI20602\pycountry\locales\br\LC_MESSAGES\iso3166-3.mo

pronoti.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All