Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
09.09 10:09
vjgg.exe
09.09 10:09
lnef.exe
09.09 10:09
1.exe
09.09 10:09
oclo.exe
09.09 10:09
pclient.exe
09.09 10:09
lemon.exe
09.09 10:09
responsibilityleadpro.exe
09.09 09:09
Twitch x Loot Lab Even...
09.09 09:09
66dcad8f5f33a_crypted.exe
09.09 09:09
sgf.exe

Latest News
09.09 03:09
코코넛트레블, 현지 할인 혜택 ‘베트남 ...
09.09 03:09
Intel Product Security...
09.09 02:09
오내피플 ‘캐치시큐’, 중소기업기술마켓 ...
09.09 02:09
한국인터넷진흥원, ‘2024 제6차 K-...
09.09 02:09
가상자산 지갑주소 및 트랜잭션 데이터셋 ...
09.09 02:09
국정원, CSK 2024서 주요 사이버안...
09.09 02:09
Mainframe Chip has 360...
09.09 01:09
U.S. Offers $10 Millio...
09.09 01:09
밸롭·웨이든, 24FW 뉴 컬렉션 런칭에...
09.09 01:09
플로리아, 층간소음매트부문 '2024년 ...

Summary | ZeroBOX

SupplierRemittance.jar

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 7, 2021, 7:02 p.m.	Sept. 7, 2021, 7:22 p.m.

Size	93.4KB
Type	Zip archive data, at least v2.0 to extract
MD5	`65970fb1339deb21897524771d86da04`
SHA256	`775c703d15a7c6c3845a66375de0651b62336b4b6908bfa39e965e154ca20f88`
CRC32	`C40AD41B`
ssdeep	`1536:USAYP7noA4g/HR3NRf0Jc2YgMXPY2/ERnghzHSeqcHgCAdAuTe6OUwZPS:USRP7noAzHLPr/AghzRqOt2rTe5u`
Yara	None matched

java.exe "C:\Program Files\Java\jre7\bin\java.exe" -jar C:\Users\test22\AppData\Local\Temp\SupplierRemittance.jar
2768

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 7, 2021, 7:02 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 7, 2021, 7:02 p.m.	process_identifier: 2768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 2555904 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002620000 process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 10 AntiVirus engines on VirusTotal as malicious (10 events)

MicroWorld-eScan	Java.Trojan.GenericGBA.30531
FireEye	Java.Trojan.GenericGBA.30531
Arcabit	Java.Trojan.GenericGBA.D7743
ESET-NOD32	a variant of Java/Spy.Agent.Y
BitDefender	Java.Trojan.GenericGBA.30531
Ad-Aware	Java.Trojan.GenericGBA.30531
Emsisoft	Java.Trojan.GenericGBA.30531 (B)
GData	Java.Trojan.GenericGBA.30531
MAX	malware (ai score=80)
Ikarus	Trojan.Java.Spy

A potential heapspray has been detected. 924 megabytes was sprayed onto the heap of the java.exe process (1 event)

count

3696

name

heapspray

process

java.exe

total_mb

924

length

262144

protection

PAGE_READWRITE