popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Windows_11_Update_Bypass_Setup.exe

Generic Malware .NET framework(MSIL) Malicious Library Admin Tool (Sysinternals etc ...) ASPack UPX OS Processor Check Lnk Format GIF Format PE64 PE File MZP Format PE32 .NET EXE icon
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Nov. 29, 2024, 9:50 p.m. Nov. 29, 2024, 9:52 p.m.
Size 1.9MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d29a079843c4f606e6daf91b6d687bcb
SHA256 3a2097ed1f25d85061ca07b050e1c92bd5ea980e16a30ad0a110d49e940d9d0f
CRC32 FA7284BF
ssdeep 24576:v7FUDowAyrTVE3U5Fxa8Pazm5zkNsFY6wU+Wap8GE01AOk5fhzfIy4a8yAhT0vOf:vBuZrEUGq5z8sFnwZWAkDLQyf5I
Yara
  • Malicious_Library_Zero - Malicious_Library
  • ASPack_Zero - ASPack packed file
  • IsPE32 - (no description)
  • PE_Header_Zero - PE File Signature
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format
  • OS_Processor_Check_Zero - OS Processor Check

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0
file C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file c:\program files\mozilla firefox\firefox.exe
section .itext
section .didata
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 745472
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00401000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004c4000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 258048
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004c6000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72dd2000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2636
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72dd2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2636
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007e0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1452
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000007760000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 0
root_path: C:\Program Files (x86)\Windows 11 Update Bypass\
total_number_of_bytes: 70694213480
0 0

GetDiskFreeSpaceExW

 total_number_of_free_bytes: 0
free_bytes_available: 13319004160
root_path: C:\Program Files (x86)\
total_number_of_bytes: 34252779520
1 1 0
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 11 Update Bypass.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 11 Update Bypass.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk
file C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
file C:\Users\test22\AppData\Local\Temp\is-EE47J.tmp\Windows_11_Update_Bypass_Setup.tmp
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win32.Dropper.tc
APEX Malicious
Trapmine suspicious.low.ml.score
BitDefenderTheta Gen:NN.ZemsilF.36744.tn3@aGmi5ne
MaxSecure Trojan.Malware.300983.susgen
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0

LookupPrivilegeValueW

 system_name:
privilege_name: SeShutdownPrivilege
1 1 0
Time & API Arguments Status Return Repeated

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2EF1B79-8471-4EA0-8242-31D378FB1836}_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2EF1B79-8471-4EA0-8242-31D378FB1836}_is1
2 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2EF1B79-8471-4EA0-8242-31D378FB1836}_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2EF1B79-8471-4EA0-8242-31D378FB1836}_is1
2 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2EF1B79-8471-4EA0-8242-31D378FB1836}_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2EF1B79-8471-4EA0-8242-31D378FB1836}_is1
2 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2EF1B79-8471-4EA0-8242-31D378FB1836}_is1
base_handle: 0x80000001
key_handle: 0x00000000
options: 0
access: 0x00000001
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2EF1B79-8471-4EA0-8242-31D378FB1836}_is1
2 0

RegOpenKeyExW

 regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2EF1B79-8471-4EA0-8242-31D378FB1836}_is1
base_handle: 0x80000002
key_handle: 0x00000000
options: 0
access: 0x00000101
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E2EF1B79-8471-4EA0-8242-31D378FB1836}_is1
2 0
file C:\Users\test22\AppData\Local\Temp\is-EE47J.tmp\Windows_11_Update_Bypass_Setup.tmp