Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.09 10:09
vjgg.exe
09.09 10:09
lnef.exe
09.09 10:09
1.exe
09.09 10:09
oclo.exe
09.09 10:09
pclient.exe
09.09 10:09
lemon.exe
09.09 10:09
responsibilityleadpro.exe
09.09 09:09
Twitch x Loot Lab Even...
09.09 09:09
66dcad8f5f33a_crypted.exe
09.09 09:09
sgf.exe

Latest News
09.09 02:09
오내피플 ‘캐치시큐’, 중소기업기술마켓 ...
09.09 02:09
한국인터넷진흥원, ‘2024 제6차 K-...
09.09 02:09
가상자산 지갑주소 및 트랜잭션 데이터셋 ...
09.09 02:09
국정원, CSK 2024서 주요 사이버안...
09.09 02:09
Mainframe Chip has 360...
09.09 01:09
U.S. Offers $10 Millio...
09.09 01:09
밸롭·웨이든, 24FW 뉴 컬렉션 런칭에...
09.09 01:09
플로리아, 층간소음매트부문 '2024년 ...
09.09 01:09
웹 예능 '기억을 잊는 밤' 누적 조회수...
09.09 01:09
한국장학진흥원, 심리상담사 자격증 24종...

Summary | ZeroBOX

InvoicePO-03092021.jar

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 2, 2021, 6:23 p.m.	July 2, 2021, 6:26 p.m.

Size	188.9KB
Type	Zip archive data, at least v2.0 to extract
MD5	`88811d5b8004bca2c3166e3cedd10fe3`
SHA256	`6a39055318c5ff39bb354e675325e0f929de46455a92117afba43b3824a4da9a`
CRC32	`07270557`
ssdeep	`3072:lacjzJ3t108fD2yIYgyZVDP1CdbpL0XVN4vS74xHtrLRJo3a98MbrlbV:laWysD2yIYgofspLsN4vS7Qh3b1V`
Yara	None matched

java.exe "C:\Program Files\Java\jre7\bin\java.exe" -jar C:\Users\test22\AppData\Local\Temp\InvoicePO-03092021.jar
5568

Name	Response	Post-Analysis Lookup
d2js2viceajwla.cloudfront.net	AAAA 2600:9000:2139:e800:11:6feb:6f80:93a1 AAAA 2600:9000:2139:b800:11:6feb:6f80:93a1 AAAA 2600:9000:2139:a00:11:6feb:6f80:93a1 AAAA 2600:9000:2139:aa00:11:6feb:6f80:93a1 AAAA 2600:9000:2139:9000:11:6feb:6f80:93a1 AAAA 2600:9000:2139:8a00:11:6feb:6f80:93a1 AAAA 2600:9000:2139:1c00:11:6feb:6f80:93a1 AAAA 2600:9000:2139:600:11:6feb:6f80:93a1	54.230.62.45
aus.thunderbird.net	A 99.86.202.67 A 99.86.202.75 A 99.86.202.125 A 99.86.202.23 CNAME d2js2viceajwla.cloudfront.net	54.230.62.45
prod.balrog.prod.cloudops.mozgcp.net	A 35.244.181.201	35.244.181.201
d2js2viceajwla.cloudfront.net	A 99.86.202.23 A 99.86.202.125 A 99.86.202.67 A 99.86.202.75	54.230.62.45
aus5.mozilla.org	A 35.244.181.201 CNAME balrog-aus5.r53-2.services.mozilla.com CNAME prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201
prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201

IP Address	Status	Action
164.124.101.2	Active	Moloch
35.244.181.201	Active	Moloch
99.86.144.100	Active	Moloch
99.86.144.46	Active	Moloch
99.86.144.61	Active	Moloch
99.86.144.82	Active	Moloch
99.86.202.23	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLS 1.2 192.168.56.102:49324 99.86.202.23:443	C=US, O=Let's Encrypt, CN=R3	CN=thunderbird.net	dd:92:a0:f3:c5:f2:3a:c7:42:66:30:75:8a:b3:b3:03:6b:8c:df:9d
TLS 1.2 192.168.56.102:49325 35.244.181.201:443	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=California, L=Mountain View, O=Mozilla Corporation, CN=aus5.mozilla.org	37:1a:8a:6e:ae:e7:b7:ae:1f:a9:c0:87:53:e5:a0:94:ef:0b:de:0c

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 2, 2021, 6:16 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 2, 2021, 6:16 p.m.	process_identifier: 5568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 2555904 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002550000 process_handle: 0xffffffffffffffff	1	0	0

Communicates with host for which no DNS query was performed (4 events)

host	99.86.144.100
host	99.86.144.46
host	99.86.144.61
host	99.86.144.82

A potential heapspray has been detected. 883 megabytes was sprayed onto the heap of the java.exe process (1 event)

count

3534

name

heapspray

process

java.exe

total_mb

883

length

262144

protection

PAGE_READWRITE