Summary | ZeroBOX

itit.exe

Metasploit Meterpreter Generic Malware PE64 PE File
Category FILE
Machine s1_win7_x6401
Started May 30, 2024, 9:43 a.m.
Completed May 30, 2024, 9:47 a.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 a63b46b7836c6c260dc4b37d7c640d3f
SHA256 8dbbb521ce069043bea5200f322c58af6fe204c2cf121a9d9437a010360fd757
CRC32 160FDABF
ssdeep 24:eFGStrJ9u0/6Z1nxnZdkBQAVv1c+JKZqdeNDMSCvOXpmB:is0IbkBQY++JXSD9C2kB
Yara
  • IsPE64 - (no description)
  • Windows_Trojan_Metasploit_91bc5d7d - (no description)
  • PE_Header_Zero - PE File Signature
  • MALWARE_Win_MeterpreterStager - Detects Meterpreter stager payload
  • Generic_Malware_Zero - Generic Malware

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
94.139.242.7 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .gwfj
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x76cba404
itit+0x41fe @ 0x1400041fe

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 697348
exception.address: 0x76cba404
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 5368726014
registers.rbx: 0
registers.rsp: 1244152
registers.r11: 514
registers.r8: 1242888
registers.r9: 1242944
registers.rdx: 8796092883536
registers.r12: 1244576
registers.rbp: 5368725514
registers.rdi: 88
registers.rax: 1993057284
registers.r13: 1244584
host 94.139.242.7
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Metasploit.4!c
Elastic Windows.Trojan.Metasploit
Cynet Malicious (score: 100)
CAT-QuickHeal HackTool.Metasploit.S9212471
Skyhigh BehavesLike.Win64.Infected.zz
ALYac Trojan.Metasploit.A
Cylance unsafe
VIPRE Trojan.Metasploit.A
Sangfor HackTool.Win32.Reverse64_Bin_v2_5_through_v4_x.uwccg
K7AntiVirus Trojan ( 004fae881 )
BitDefender Trojan.Metasploit.A
K7GW Trojan ( 004fae881 )
Cybereason malicious.7836c6
Arcabit Trojan.Metasploit.A
VirIT Trojan.Win32.Generic.BZPS
Symantec Trojan Horse
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
McAfee Trojan-FJIN!A63B46B7836C
Avast Win32:MsfShell-V [Hack]
ClamAV Win.Malware.Metasploit-10022275-0
Kaspersky HEUR:Trojan.Win64.Packed.gen
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
MicroWorld-eScan Trojan.Metasploit.A
Rising Trojan.Kryptik/x64!1.A2F4 (CLASSIC)
Emsisoft Trojan.Metasploit.A (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen7
DrWeb BackDoor.Shell.244
TrendMicro TROJ64_SWRORT.SM1
McAfeeD Real Protect-LS!A63B46B7836C
Trapmine malicious.high.ml.score
FireEye Generic.mg.a63b46b7836c6c26
Sophos ATK/Meter-A
Ikarus Trojan.Win64.Meterpreter
Jiangmin Trojan.Generic.auyjj
Google Detected
Avira TR/Crypt.XPACK.Gen7
MAX malware (ai score=86)
Antiy-AVL GrayWare/Win32.Rozena.j
Kingsoft malware.kb.b.977
Gridinsoft Trojan.Win64.Gen.tr
Microsoft Trojan:Win64/Meterpreter!pz
ViRobot Trojan.Win.Z.Rozena.7168.MLM
ZoneAlarm HEUR:Trojan.Win64.Packed.gen
GData Trojan.Metasploit.A
Varist W64/S-c4a4ef26!Eldorado
AhnLab-V3 Trojan/Win64.Shelma.R274246
Acronis suspicious
DeepInstinct MALICIOUS
dead_host 192.168.56.101:49162
dead_host 94.139.242.7:5454