Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 26, 2023, 5:26 p.m.	July 26, 2023, 5:30 p.m.

Size	94.5KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`0eb17599a6d6340826cde1fb9555a801`
SHA256	`bf1462ab1a3cf16b7d68d3adf6e045445295dc6aeeb282a8aa2cbdfba764bae5`
CRC32	`998A308A`
ssdeep	`1536:uszP8laTTjQTUCoL+bfDioMqmmQqVsW3d09dlP9uCZc5:uszEmXQISLioMkQEMh9uC`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
103.57.228.101	Active	Moloch

Flow	SID	Signature	Category
TCP 192.168.56.103:49161 -> 103.57.228.101:8024	2260003	SURICATA Applayer Protocol detection skipped	Generic Protocol Command Decode
TCP 192.168.56.103:49164 -> 103.57.228.101:8024	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
TCP 192.168.56.103:49165 -> 103.57.228.101:8024	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
TCP 192.168.56.103:49166 -> 103.57.228.101:8024	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode

No Suricata TLS

section

_RDATA

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory July 26, 2023, 5:23 p.m.	process_identifier: 1680 region_size: 30003200 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002340000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1	0	0

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses July 26, 2023, 5:23 p.m.	flags: 16 family: 0	1	0	0

host

103.57.228.101

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress July 26, 2023, 5:23 p.m.	ordinal: 0 function_address: 0x000007fefe467a50 function_name: wine_get_version module: ntdll module_address: 0x00000000776c0000		-1073741511	0

Bkav	W32.Common.7CE4E507
Lionic	Trojan.Win32.Rekvex.4!c
MicroWorld-eScan	Gen:Variant.Zusy.478419
FireEye	Gen:Variant.Zusy.478419
ALYac	Gen:Variant.Zusy.478419
Malwarebytes	Malware.AI.553375904
Zillya	Trojan.Rekvex.Win32.150
Sangfor	Trojan.Win32.Rozena.Vbsa
K7AntiVirus	Trojan ( 005988b31 )
Alibaba	Trojan:Win64/Rozena.f10ea64c
K7GW	Trojan ( 005988b31 )
Arcabit	Trojan.Zusy.D74CD3
Cyren	W64/ABRisk.VDRD-5763
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/Rozena.TA
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	Trojan.Win32.Rekvex.bah
BitDefender	Gen:Variant.Zusy.478419
Avast	Win64:TrojanX-gen [Trj]
Tencent	Malware.Win32.Gencirc.13ea7484
Emsisoft	Gen:Variant.Zusy.478419 (B)
F-Secure	Trojan.TR/Redcap.nksry
VIPRE	Gen:Variant.Zusy.478419
TrendMicro	TROJ_GEN.R002C0XGP23
McAfee-GW-Edition	BehavesLike.Win64.Generic.nm
Sophos	Mal/Generic-S
Jiangmin	Trojan.Rekvex.bk
Avira	TR/Redcap.nksry
Antiy-AVL	Trojan/Win64.Rozena
Microsoft	Trojan:Win64/Rozena.EN!MTB
ViRobot	Trojan.Win.Z.Rekvex.96768.C
ZoneAlarm	Trojan.Win32.Rekvex.bah
GData	Gen:Variant.Zusy.478419
Google	Detected
AhnLab-V3	Trojan/Win.Generic.R521258
McAfee	Artemis!0EB17599A6D6
MAX	malware (ai score=80)
VBA32	Trojan.Rekvex
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002C0XGP23
Rising	Trojan.Rekvex!8.1170C (TFE:5:IE1K4aiQOqH)
Yandex	Trojan.Rozena!//JMMR/cwKE
Ikarus	Trojan.Win64.Rozena
MaxSecure	Trojan.Malware.187602278.susgen
Fortinet	W64/Rozena.TA!tr
AVG	Win64:TrojanX-gen [Trj]
DeepInstinct	MALICIOUS

explore.exe