Summary | ZeroBOX

SupplierRemittance.jar

Category FILE
Machine s1_win7_x6401
Started Sept. 7, 2021, 7:02 p.m.
Completed Sept. 7, 2021, 7:22 p.m.
Size 93.4KB
Type Zip archive data, at least v2.0 to extract
MD5 65970fb1339deb21897524771d86da04
SHA256 775c703d15a7c6c3845a66375de0651b62336b4b6908bfa39e965e154ca20f88
CRC32 C40AD41B
ssdeep 1536:USAYP7noA4g/HR3NRf0Jc2YgMXPY2/ERnghzHSeqcHgCAdAuTe6OUwZPS:USRP7noAzHLPr/AghzRqOt2rTe5u
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API GlobalMemoryStatusEx
Status 1
Return 1
Repeated 0

API NtProtectVirtualMemory
Arguments
process_identifier: 2768
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 2555904
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002620000
process_handle: 0xffffffffffffffff
Status 1
Return 0
Repeated 0

MicroWorld-eScan Java.Trojan.GenericGBA.30531
FireEye Java.Trojan.GenericGBA.30531
Arcabit Java.Trojan.GenericGBA.D7743
ESET-NOD32 a variant of Java/Spy.Agent.Y
BitDefender Java.Trojan.GenericGBA.30531
Ad-Aware Java.Trojan.GenericGBA.30531
Emsisoft Java.Trojan.GenericGBA.30531 (B)
GData Java.Trojan.GenericGBA.30531
MAX malware (ai score=80)
Ikarus Trojan.Java.Spy

count 3696
name heapspray
process java.exe
total_mb 924
length 262144
protection PAGE_READWRITE