Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.20 01:09
setup.exe
09.20 11:09
3uTools.exe
09.20 11:09
66ecb4573225b_vsbhfdg1...
09.20 10:09
66ecb452ba19c_sfbdsgfd...
09.20 10:09
66ecb44c35444_vfdhsgdf...
09.20 10:09
66ec0e61998bf_setup30.exe
09.20 10:09
66ebf725efe38_lyla.exe
09.20 10:09
Desktop_Explorer.exe
09.20 10:09
66ec3528901bb_winupdat...
09.20 10:09
Inquiry-Dubai.js

Latest News
09.20 10:09
-=TWELVE=- is back
09.20 10:09
Macklem Warns AI May P...
09.20 10:09
[UPDATE] [mittel] Open...
09.20 10:09
Wahlkampf und Bürgerdi...
09.20 10:09
KI-Risiken melden: War...
09.20 10:09
Grafische Interfaces u...
09.20 09:09
Critical Vulnerability...
09.20 09:09
Amazon Fire TV Stick S...
09.20 09:09
[NEU] [mittel] Red Hat...
09.20 09:09
Passwordless AND Keyle...

Summary | ZeroBOX

HBN.exe

Generic Malware PE32 PE File

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 8, 2021, 1:22 p.m.	June 8, 2021, 1:24 p.m.

Size	108.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0da7c74ea5d4521529b9c921529082b2`
SHA256	`151670dc1d668f2c83d8f565cdd1d11b7b6df66fd00b98b7335760b5c8a8f372`
CRC32	`03829E8D`
ssdeep	`3072:Jz1kdkpUNcsTlxWqEfGBpQ2JyB92mTZP9ds/3HloXsG0XZDZm0YIVE4p:bkapOJxWqEfGBpQ2JyB92mTZP9dsvoIN`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description)

HBN.exe "C:\Users\test22\AppData\Local\Temp\HBN.exe"
3332
- HBN.exe "C:\Users\test22\AppData\Local\Temp\HBN.exe"
  8408

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA June 8, 2021, 1:22 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW June 8, 2021, 1:22 p.m.	computer_name: TEST22-PC	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 8, 2021, 1:22 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 8, 2021, 1:22 p.m.	process_identifier: 3332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1	0	0
NtAllocateVirtualMemory June 8, 2021, 1:22 p.m.	process_identifier: 3332 region_size: 61440 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory June 8, 2021, 1:24 p.m.	process_identifier: 3332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 876544 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773b0000 process_handle: 0xffffffff	1	0	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory June 8, 2021, 1:22 p.m.	process_identifier: 3332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 24576 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x00500000 process_handle: 0xffffffff	1	0	0

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

Enumerates services, possibly for anti-virtualization (1 event)

Time & API	Arguments	Status	Return	Repeated
EnumServicesStatusA June 8, 2021, 1:24 p.m.	service_handle: 0x00309f28 service_type: 48 service_status: 3		0	0

File has been identified by 13 AntiVirus engines on VirusTotal as malicious (13 events)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
FireEye	Generic.mg.0da7c74ea5d45215
Sangfor	Trojan.Win32.Save.a
BitDefenderTheta	Gen:NN.ZevbaF.34722.gm0@aehCh1hi
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenKryptik.FGIB
APEX	Malicious
Microsoft	Trojan:Win32/Wacatac.B!ml
McAfee	PWS-FCZK!0DA7C74EA5D4
Yandex	Trojan.AvsArher.bTx33N
SentinelOne	Static AI - Suspicious PE
MaxSecure	Trojan.Malware.300983.susgen