Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 4, 2021, 8:20 p.m.	June 4, 2021, 8:22 p.m.

Size	1.4MB
Type	MS-DOS executable, MZ for MS-DOS
MD5	`aa8b88bae541c473e1cffbdf8e5e5340`
SHA256	`31d876d26586e35cf2b2b2479ff1f328efeaca3480918349916c997ea97429f3`
CRC32	`61FCD620`
ssdeep	`24576:vWJ8ciSX9U2Xvrc/3evVAxIsZNWwmyBVhnB/:vaVXTXY/33IsZYwmkB/`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description)

Java_Chrome-1432796152.exe "C:\Users\test22\AppData\Local\Temp\Java_Chrome-1432796152.exe"
1116

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.MPRESS1
section	.MPRESS2

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ June 4, 2021, 8:13 p.m.	stacktrace: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895 stacktrace+0x84 memdup-0x1af @ 0x74420470 hook_in_monitor+0x45 lde-0x133 @ 0x744142ea New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603 VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243 VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb java_chrome-1432796152+0x27750c @ 0x67750c GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 java_chrome-1432796152+0x123fff @ 0x523fff GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0 java_chrome-1432796152+0x525000 @ 0x925000 java_chrome-1432796152+0x1000 @ 0x401000 java_chrome-1432796152+0xbe43a @ 0x4be43a 0x7fffffd9000 java_chrome-1432796152+0x526085 @ 0x926085 0x7fffffd9000 exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29 exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 exception.address: 0x77210895 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 329877 registers.r14: 0 registers.r15: 0 registers.rcx: 2291256 registers.rsi: 9588736 registers.r10: 0 registers.rbx: 1994665712 registers.rsp: 2293576 registers.r11: 514 registers.r8: 64 registers.r9: 4 registers.rdx: 2292600 registers.r12: 0 registers.rbp: 0 registers.rdi: 4194671 registers.rax: 2290936 registers.r13: 0	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

June 4, 2021, 8:13 p.m.

stacktrace:

RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x77210895
stacktrace+0x84 memdup-0x1af @ 0x74420470
hook_in_monitor+0x45 lde-0x133 @ 0x744142ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x74433603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd6e3243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd6e31fb
java_chrome-1432796152+0x27750c @ 0x67750c
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0
java_chrome-1432796152+0x123fff @ 0x523fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76e42ef0
java_chrome-1432796152+0x525000 @ 0x925000
java_chrome-1432796152+0x1000 @ 0x401000
java_chrome-1432796152+0xbe43a @ 0x4be43a
0x7fffffd9000
java_chrome-1432796152+0x526085 @ 0x926085
0x7fffffd9000

exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address: 0x77210895
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 329877
registers.r14: 0
registers.r15: 0
registers.rcx: 2291256
registers.rsi: 9588736
registers.r10: 0
registers.rbx: 1994665712
registers.rsp: 2293576
registers.r11: 514
registers.r8: 64
registers.r9: 4
registers.rdx: 2292600
registers.r12: 0
registers.rbp: 0
registers.rdi: 4194671
registers.rax: 2290936
registers.r13: 0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0015f200', u'virtual_address': u'0x00001000', u'entropy': 7.999884612598443, u'name': u'.MPRESS1', u'virtual_size': u'0x00525000'}

entropy

7.9998846126

description

A section with a high entropy has been found

entropy

0.976025017373

description

Overall entropy of this PE file is high

Java_Chrome-1432796152.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All