Summary | ZeroBOX

inject.txt.exe

Tags Malicious Packer, PE64, PE File, DLL
Category FILE
Machine s1_win7_x6401
Started July 23, 2024, 10:10 a.m.
Completed July 23, 2024, 10:10 a.m.
Size 95.5KB
Type PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5 03bed904291f531fc5381307e361b70f
SHA256 15665af2e4efa5f4f5a25bdb36090961b92818d01f40f90b9eaa4cc5a97902e3
CRC32 A5A83F9D
ssdeep 1536:S8yZzfkJ6CQ1bvbrrySCIiaC6yiJikvEDSbvz4+zeGI8ZZwZdXhXOkUWTohlqeCg:BEzsqxE2t0puoC
Yara
  • PE_Header_Zero - PE File Signature
  • Malicious_Packer_Zero - Malicious Packer
  • IsDLL - (no description)
  • IsPE64 - (no description)

Domains (Name / Response / Post-Analysis Lookup)
No domain names resolved; the sample contacted its peer by IP address only.

IP Address Status Action
185.208.158.176 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 185.208.158.176:7283 -> 192.168.56.101:49163 2400032 ET DROP Spamhaus DROP Listed Traffic Inbound group 33 Misc Attack

Suricata TLS

No Suricata TLS

API calls (Time / API / Arguments / Status / Return / Repeated)

NtAllocateVirtualMemory

process_identifier: 2692
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000001c70000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
Status 1 (success) Return 0 (STATUS_SUCCESS) Repeated 0
Note: the sample commits one RWX page inside its own process (0xffffffffffffffff is the current-process pseudo-handle, (HANDLE)-1), which is how a stager typically lands a second stage before jumping to it. The 4096-byte size is simply page granularity, so the staged payload size cannot be read from this record.
host 185.208.158.176
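Two of the records above carry the triage signal: the NtAllocateVirtualMemory call commits a PAGE_EXECUTE_READWRITE region in the calling process, and the Suricata flow pairs the analysis VM's ephemeral port 49163 with 185.208.158.176:7283, so the session was opened by the sample even though the Spamhaus DROP rule fired on the inbound direction. The Python below is an added example, not ZeroBOX or report code: the two input records are constructed from the values on the page, and the 192.168.56. sandbox prefix and the 49152 ephemeral-port threshold are assumptions.

```python
"""Triage two artefacts from a ZeroBOX/Cuckoo-style report: an
NtAllocateVirtualMemory entry and a Suricata flow line.  Added example;
the records below are constructed from the values shown on the page."""
import re

# Windows constants (winnt.h)
PAGE_EXECUTE_READWRITE = 0x40
MEM_COMMIT = 0x1000
NT_CURRENT_PROCESS_X64 = 0xFFFFFFFFFFFFFFFF   # (HANDLE)-1, the calling process
EPHEMERAL_PORT_START = 49152                  # assumption: IANA dynamic range
SANDBOX_NET = "192.168.56."                   # assumption: analysis VM subnet

# Constructed from the report's NtAllocateVirtualMemory entry.
SAMPLE_CALL = {
    "api": "NtAllocateVirtualMemory",
    "process_identifier": 2692,
    "region_size": 4096,
    "protection": 64,
    "base_address": 0x1C70000,
    "allocation_type": 4096,
    "process_handle": 0xFFFFFFFFFFFFFFFF,
    "status": 1,                               # Cuckoo status column: 1 = success
}

# Constructed from the report's Suricata alert row.
SAMPLE_FLOW = "TCP 185.208.158.176:7283 -> 192.168.56.101:49163"


def is_self_rwx_commit(call):
    """True when a successful call commits an RWX region in the calling
    process: the pattern a stager uses to place its next stage in memory."""
    if call.get("api") != "NtAllocateVirtualMemory" or call.get("status") != 1:
        return False
    base_protection = call["protection"] & 0xFF      # strip PAGE_GUARD/NOCACHE bits
    return (base_protection == PAGE_EXECUTE_READWRITE
            and call["allocation_type"] & MEM_COMMIT == MEM_COMMIT
            and call["process_handle"] == NT_CURRENT_PROCESS_X64)


_FLOW_RE = re.compile(r"^(TCP|UDP)\s+([\d.]+):(\d+)\s*->\s*([\d.]+):(\d+)$")


def parse_flow(flow):
    """Split a Suricata flow string and decide which side is the analysis VM.

    The alert direction only says which packet matched; an ephemeral port on
    the VM side and a fixed port on the peer side means the VM opened the
    connection (reverse-connect), which is the heuristic applied here."""
    m = _FLOW_RE.match(flow.strip())
    if not m:
        raise ValueError(f"unrecognised flow: {flow!r}")
    proto, src, dst = m.group(1), m.group(2), m.group(4)
    sport, dport = int(m.group(3)), int(m.group(5))
    if src.startswith(SANDBOX_NET):
        victim, vport, peer, pport = src, sport, dst, dport
    else:
        victim, vport, peer, pport = dst, dport, src, sport
    return {
        "proto": proto,
        "victim": victim, "victim_port": vport,
        "peer": peer, "peer_port": pport,
        "victim_initiated": vport >= EPHEMERAL_PORT_START
                            and pport < EPHEMERAL_PORT_START,
    }


def triage(call, flow):
    """Combine both indicators into a one-line verdict."""
    f = parse_flow(flow)
    rwx = is_self_rwx_commit(call)
    if rwx and f["victim_initiated"]:
        return (f"staged reverse-connect payload: RWX commit in pid "
                f"{call['process_identifier']}, callback to {f['peer']}:{f['peer_port']}")
    if rwx:
        return "RWX self-allocation without an outbound session"
    if f["victim_initiated"]:
        return f"outbound session to {f['peer']}:{f['peer_port']} without RWX allocation"
    return "no indicator"


if __name__ == "__main__":
    print(triage(SAMPLE_CALL, SAMPLE_FLOW))
```

The RWX check masks the protection value to its low byte before comparing, because Cuckoo logs the raw NtAllocateVirtualMemory argument and a sample can OR in PAGE_GUARD or PAGE_NOCACHE without changing the fact that the page is executable and writable.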
Antivirus (Vendor Detection)
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Marte.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Generic
Skyhigh Artemis!Trojan
ALYac Generic.Shellcode.Ode.Marte.A.EE9FCE9E
Cylance Unsafe
VIPRE Generic.Shellcode.Ode.Marte.A.EE9FCE9E
Sangfor Trojan.Win64.Rozena.Vjcf
K7AntiVirus Trojan ( 00519b2a1 )
BitDefender Generic.Shellcode.Ode.Marte.A.EE9FCE9E
K7GW Trojan ( 00519b2a1 )
Arcabit Generic.Shellcode.Ode.Marte.A.EE9FCE9E
Symantec Meterpreter
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
McAfee Artemis!03BED904291F
Avast Win64:MetasploitEncod-B [Trj]
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:Win64/Meterpreter.222c73dd
NANO-Antivirus Trojan.Win64.Rozena.kpztjz
MicroWorld-eScan Generic.Shellcode.Ode.Marte.A.EE9FCE9E
Rising Trojan.Generic!8.C3 (CLOUD)
Emsisoft Generic.Shellcode.Ode.Marte.A.EE9FCE9E (B)
F-Secure Trojan.TR/Rozena.xxkgf
TrendMicro Backdoor.Win64.SWRORT.YXEGUZ
McAfeeD ti!15665AF2E4EF
FireEye Generic.Shellcode.Ode.Marte.A.EE9FCE9E
Sophos Mal/Generic-S
Ikarus Trojan.Win64.Crypt
Webroot W32.Malware.Gen
Google Detected
Avira TR/Rozena.xxkgf
Antiy-AVL Trojan/Win64.Rozena
Kingsoft Win32.Trojan.Generic.a
Gridinsoft Trojan.Win64.Generic.sa
Microsoft Trojan:Win64/Meterpreter.E
ViRobot Trojan.Win.Z.Rozena.97776.A
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Generic.Shellcode.Ode.Marte.A.EE9FCE9E
Varist W64/ABTrojan.DITB-7551
AhnLab-V3 Trojan/Win.Generic.C5642749
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.3271261238
Panda Trj/GdSda.A
TrendMicro-HouseCall Backdoor.Win64.SWRORT.YXEGUZ
Tencent Malware.Win32.Gencirc.10c019a8
MAX malware (ai score=89)
MaxSecure Trojan.Malware.7164915.susgen