Summary | ZeroBOX

ms.exe

PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us May 17, 2024, 9:36 a.m. May 17, 2024, 9:38 a.m.
Size 8.5KB
Type PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5 da982330a3e82337e9a2aacae9b285ba
SHA256 1bcb29aabc1d6bc9adaaae91948b748bf2785017d78728166a528f693ac49527
CRC32 273CFC41
ssdeep 192:1pdqpC17EVylIBr8J7W53yZE2GVm/0lzIe7pRgE:1HlEVylIBr8BsCZN36DpRg
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
103.116.247.207 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x3d0032
0xcc000c

exception.instruction_r: ac 3c 61 7c 02 2c 20 41 c1 c9 0d 41 01 c1 e2 ed
exception.instruction: lodsb al, byte ptr [rsi]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x3d0032
registers.r14: 1453503984
registers.r15: 0
registers.rcx: 110
registers.rsi: 110
registers.r10: 0
registers.rbx: 3998203
registers.rsp: 1242088
registers.r11: 514
registers.r8: 8791744913672
registers.r9: 0
registers.rdx: 2004821600
registers.r12: 0
registers.rbp: 3997708
registers.rdi: 0
registers.rax: 0
registers.r13: 0
1 0 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 288
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000003d0000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0
host 103.116.247.207
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Meterpreter.4!c
Cynet Malicious (score: 100)
Skyhigh Artemis!Trojan
ALYac Gen:Variant.Midie.147917
Cylance unsafe
VIPRE Gen:Variant.Midie.147917
Sangfor Trojan.Win64.Meterpreter.Vdci
K7AntiVirus Trojan ( 005b073f1 )
BitDefender Gen:Variant.Midie.147917
K7GW Trojan ( 005b073f1 )
Arcabit Trojan.Midie.D241CD
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win64/ShellcodeRunner.SG
McAfee Artemis!DA982330A3E8
Avast Win64:MalwareX-gen [Trj]
Kaspersky Trojan.Win64.Shlem.nef
Alibaba Trojan:Win64/Shlem.8fbd4ef5
MicroWorld-eScan Gen:Variant.Midie.147917
Rising Trojan.Meterpreter!8.E532 (TFE:5:QuzYaJOyUdF)
Emsisoft Gen:Variant.Midie.147917 (B)
F-Secure Trojan.TR/AD.MeterpreterSC.jdntv
TrendMicro Backdoor.Win64.COBEACON.YXEEPZ
FireEye Gen:Variant.Midie.147917
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Shellcoderunner
Google Detected
Avira TR/AD.MeterpreterSC.jdntv
MAX malware (ai score=80)
Antiy-AVL Trojan/Win64.ShellcodeRunner
Kingsoft Win32.Troj.Unknown.a
Microsoft Trojan:Win64/Meterpreter.E
ZoneAlarm Trojan.Win64.Shlem.nef
GData Gen:Variant.Midie.147917
Varist W64/ABRisk.XUJJ-1492
AhnLab-V3 Malware/Win.Generic.C5562030
DeepInstinct MALICIOUS
VBA32 Downloader.Win64.Tiny
Malwarebytes Trojan.ShellCode.Runner
Panda Trj/CI.A
TrendMicro-HouseCall Backdoor.Win64.COBEACON.YXEEPZ
Tencent Trojan.Win32.Cobaltstrike.16001131
AVG Win64:MalwareX-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan:Win/ShellcodeRunner.SU