Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 28, 2023, 11:17 a.m.	Nov. 28, 2023, 11:19 a.m.

Size	1.2MB
Type	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0f259f4cb66106371ece0128de84bfb2`
SHA256	`6661316cebb9673c5bcfd4f6903ae1ec5e36cb8a3e9801308ed3bdfd7086f075`
CRC32	`20AE4F16`
ssdeep	`24576:DziGn5wgZod3u+wnIsXdJJ49WSlV4Zs67LydF:DJXeH44l`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature IsDLL - (no description) Antivirus - Contains references to security software UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check Is_DotNET_DLL - (no description)

regsvr32.exe "C:\Windows\System32\regsvr32.exe" C:\Users\test22\AppData\Local\Temp\hta.jpg.exe.dll
2560

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 28, 2023, 11:17 a.m.		1	1	0

Time & API	Arguments	Status
NtProtectVirtualMemory Nov. 28, 2023, 11:17 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72a12000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 28, 2023, 11:17 a.m.	process_identifier: 2560 region_size: 655360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 28, 2023, 11:17 a.m.	process_identifier: 2560 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02620000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Lionic	Trojan.Win32.Agent.Y!c
MicroWorld-eScan	Gen:Variant.MSILHeracles.125162
FireEye	Gen:Variant.MSILHeracles.125162
Skyhigh	Artemis!Trojan
ALYac	Gen:Variant.MSILHeracles.125162
Malwarebytes	Trojan.Downloader.MSIL.Generic
Sangfor	Downloader.Msil.Agent.Vwra
K7AntiVirus	Trojan-Downloader ( 005a7aab1 )
Alibaba	Backdoor:MSIL/DropperX.d96cf404
K7GW	Trojan-Downloader ( 005a7aab1 )
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.PIX
ClamAV	Win.Trojan.Bladbindi-1
Kaspersky	HEUR:Backdoor.MSIL.Agent.gen
BitDefender	Gen:Variant.MSILHeracles.125162
Avast	Win32:DropperX-gen [Drp]
Emsisoft	Gen:Variant.MSILHeracles.125162 (B)
F-Secure	Trojan.TR/Dldr.Agent.zvoiw
VIPRE	Gen:Variant.MSILHeracles.125162
TrendMicro	TROJ_GEN.R002C0WKL23
Sophos	Mal/Generic-S
MAX	malware (ai score=87)
Google	Detected
Avira	TR/Dldr.Agent.zvoiw
Varist	W32/ABRisk.LTBI-7430
Antiy-AVL	Trojan[Downloader]/MSIL.Agent
Microsoft	Trojan:Win32/Wacatac.B!ml
Arcabit	Trojan.MSILHeracles.D1E8EA
ZoneAlarm	HEUR:Backdoor.MSIL.Agent.gen
GData	Gen:Variant.MSILHeracles.125162
Cynet	Malicious (score: 99)
McAfee	Artemis!0F259F4CB661
Cylance	unsafe
TrendMicro-HouseCall	TROJ_GEN.R002C0WKL23
Ikarus	Trojan-Downloader.MSIL.Agent
Fortinet	MSIL/Injector.UWS!tr
AVG	Win32:DropperX-gen [Drp]
DeepInstinct	MALICIOUS

hta.jpg.exe