Summary | ZeroBOX

uMM.exe

PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started June 11, 2023, 10:51 p.m.
Completed June 11, 2023, 10:54 p.m.
Size 21.0KB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 27c4f6ca1b49e3723ba158c9c268a526
SHA256 93896b303630422dc604fa9ce9dcf1ccd93f823cd90d46c2b55029ea004f1a41
CRC32 1CF39440
ssdeep 384:v+pv2zG72HYdtLUF4ZENy+Tq25hcttCW:G2ALUJ9DW
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address 45.145.230.163
Status Active
Action Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory
process_identifier: 660
region_size: 524288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000004d0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
status: 1
return: 0
repeated: 0

NtAllocateVirtualMemory
process_identifier: 660
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000004d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
status: 1
return: 0
repeated: 0

host: 45.145.230.163
dead_host: 45.145.230.163:4363

Lionic Trojan.Win32.Cobalt.4!c
MicroWorld-eScan Trojan.GenericKD.67450070
FireEye Trojan.GenericKD.67450070
Malwarebytes Malware.AI.2309496273
Sangfor Backdoor.Win64.Cobalt.Vzqi
Alibaba Backdoor:Win32/Cobalt.adb2fd5e
K7GW Trojan ( 0059ac421 )
Cyren W64/ABRisk.NLGO-2087
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/ShellcodeRunner.FT
Cynet Malicious (score: 100)
Kaspersky Backdoor.Win32.Cobalt.cwz
BitDefender Trojan.GenericKD.67450070
Avast Win64:Evo-gen [Trj]
Tencent Win32.Backdoor.Cobalt.Dkjl
Emsisoft Trojan.GenericKD.67450070 (B)
F-Secure Trojan.TR/AD.PatchedWinSwrort.mewpb
DrWeb BackDoor.Meterpreter.157
VIPRE Trojan.GenericKD.67450070
TrendMicro Backdoor.Win64.SWRORT.YXDFKZ
McAfee-GW-Edition RDN/Generic BackDoor
Sophos Mal/Generic-S
Jiangmin Backdoor.Cobalt.il
Webroot W32.Trojan.GenKD
Avira TR/AD.PatchedWinSwrort.mewpb
MAX malware (ai score=88)
Antiy-AVL Trojan/Win64.ShellcodeRunner
Microsoft Trojan:Win64/CobaltStrike!MTB
Arcabit Trojan.Generic.D40534D6
ZoneAlarm Backdoor.Win32.Cobalt.cwz
GData MSIL.Backdoor.Rozena.4IE1HW
Google Detected
McAfee RDN/Generic BackDoor
Cylance unsafe
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002C0DF923
Rising Backdoor.Cobalt!8.1233E (TFE:5:lRx2QUpcOxN)
Ikarus Trojan.Win64.Rozena
Fortinet W32/PossibleThreat
AVG Win64:Evo-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)