Field | Value
---|---
Created | 2024.10.15 14:31
Machine | s1_win7_x6401
Filename | payload.exe
Type | PE32+ executable (console) x86-64, for MS Windows
AI Score |
Behavior Score |
ZERO API | file : malware
VT API (file) | 7 detected (Detected, Artemis, Nekark)
md5 | 8bbc71bfca95de5ebb9679e32b501d90
sha256 | 2a4f52e877fbc6c6773407d46a5f820523a4254e88d1889bd52b628b5a8b2494
ssdeep | 768:NOXmqd8BDsyhno7wmW28XqKqsRgcTGdVgX3vZwIf2iDL4h:YX0psy1okmW28XbUcTGdVgX3xwIf2KO
imphash | e163292b217fe935db063cc7d6af0f13
impfuzzy | 12:YRJRJJoARZqRVPXJHqaHHGf5XGXKiEG6eGJXk6lKpJqhKZn:8fjBcVHGf5XGf6ZtkoOqUZn
Network IP location
Signature (3 counts)

Level | Description
---|---
notice | Creates a suspicious process
notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious
info | Command line console output was observed
Rules (3 counts)

Level | Name | Description | Collection
---|---|---|---
watch | UPX_Zero | UPX packed file | binaries (upload)
info | IsPE64 | (no description) | binaries (upload)
info | PE_Header_Zero | PE File Signature | binaries (upload)
Network (0 counts)

Request | CC | ASN Co | IP4 | Rule | ZERO
---|---|---|---|---|---
Suricata ids
PE API
IAT (Import Address Table) by library
KERNEL32.dll
0x140008168 DeleteCriticalSection
0x140008170 EnterCriticalSection
0x140008178 GetLastError
0x140008180 InitializeCriticalSection
0x140008188 LeaveCriticalSection
0x140008190 SetUnhandledExceptionFilter
0x140008198 Sleep
0x1400081a0 TlsGetValue
0x1400081a8 VirtualProtect
0x1400081b0 VirtualQuery
0x1400081b8 __C_specific_handler
msvcrt.dll
0x1400081c8 __getmainargs
0x1400081d0 __initenv
0x1400081d8 __iob_func
0x1400081e0 __set_app_type
0x1400081e8 __setusermatherr
0x1400081f0 _amsg_exit
0x1400081f8 _cexit
0x140008200 _commode
0x140008208 _fmode
0x140008210 _initterm
0x140008218 free
0x140008220 memcpy
0x140008228 _onexit
0x140008230 abort
0x140008238 calloc
0x140008240 exit
0x140008248 fprintf
0x140008250 fwrite
0x140008258 malloc
0x140008260 signal
0x140008268 strlen
0x140008270 strncmp
0x140008278 system
0x140008280 vfprintf
EAT (Export Address Table): none