Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	March 23, 2023, 6:22 p.m.	March 23, 2023, 6:36 p.m.

Size	7.0KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`367030209dfe9a7f1631b8edad37cfa3`
SHA256	`c3fd44421f0c143c5903d2000a44840393e75e85e2f839c5a4c6b368e398d509`
CRC32	`C18F60BC`
ssdeep	`24:eFGStrJ9u0/6WwHnZdkBQAV2G1Y+mwKZqpeNDMSCvOXpmB:is0VwjkBQWq+3nSD9C2kB`
Yara	IsPE64 - (no description) PE_Header_Zero - PE File Signature

NetSySCLI.exe "C:\Users\test22\AppData\Local\Temp\NetSySCLI.exe"
2556

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
71.185.52.88	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.naan

Communicates with host for which no DNS query was performed (1 event)

host

71.185.52.88

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

71.185.52.88:8080

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)

Lionic	Trojan.Win32.Packed.4!c
MicroWorld-eScan	Trojan.Metasploit.A
FireEye	Generic.mg.367030209dfe9a7f
CAT-QuickHeal	HackTool.Metasploit.S9212471
McAfee	Trojan-FJIN!367030209DFE
Cylance	unsafe
VIPRE	Trojan.Metasploit.A
Sangfor	HackTool.Win32.Reverse64_Bin_v2_5_through_v4_x.uwccg
K7AntiVirus	Trojan ( 004fae881 )
Alibaba	Trojan:Win32/CobaltStrike.5f03
K7GW	Trojan ( 004fae881 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Metasploit.A
VirIT	Trojan.Win32.Generic.BZPS
Cyren	W64/S-c4a4ef26!Eldorado
Symantec	Meterpreter
Elastic	Windows.Trojan.Metasploit
ESET-NOD32	a variant of Win64/Rozena.M
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win64.Packed.gen
BitDefender	Trojan.Metasploit.A
NANO-Antivirus	Trojan.Win64.Shell.juurem
SUPERAntiSpyware	Trojan.Agent/Gen-MalPack
Avast	Win64:ShellCode-B [Trj]
Tencent	Hacktool.Win64.Rozena.a
Sophos	ATK/Meter-A
DrWeb	BackDoor.Shell.244
Zillya	Trojan.Rozena.Win64.23035
TrendMicro	TROJ64_SWRORT.SM1
McAfee-GW-Edition	BehavesLike.Win64.Infected.zz
Trapmine	malicious.high.ml.score
Emsisoft	Trojan.Metasploit.A (B)
Ikarus	Trojan.Win64.Meterpreter
Jiangmin	Trojan.Generic.auyjj
Avira	TR/Crypt.XPACK.Gen7
Antiy-AVL	GrayWare/Win32.Rozena.j
Gridinsoft	Trojan.Win64.Gen.bot
Microsoft	Trojan:Win64/Meterpreter.B
ViRobot	Trojan.Win.Z.Rozena.7168.KH
ZoneAlarm	HEUR:Trojan.Win64.Packed.gen
GData	Trojan.Metasploit.A
Google	Detected
AhnLab-V3	Trojan/Win32.RL_Generic.R358445
ALYac	Trojan.Metasploit.A
MAX	malware (ai score=86)
Malwarebytes	Trojan.MalPack
Zoner	Probably Heur.ExeHeaderL
TrendMicro-HouseCall	TROJ64_SWRORT.SM1

NetSySCLI.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All