Summary | ZeroBOX

beacon_x64.ps1

Generic Malware Antivirus
Category: FILE
Machine: s1_win7_x6403_us
Started: Aug. 11, 2024, 2:25 p.m.
Completed: Aug. 11, 2024, 3:25 p.m.
Size 387.6KB
Type ASCII text, with very long lines
MD5 9dc0a907c4136946f8d3b0c42ebf677f
SHA256 eed87a02d126c3ac0ab90a66f4e4a58f24d6a0f4028a2643e83a3a8b075cb5ac
CRC32 ED39730B
ssdeep 12288:LoC4sPKvWDIPH3NHIpdb+DrYK3ZpMMEMsz2e:AvWqSMsz2e
Yara None matched

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP connections (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API call log (columns: Time & API, Arguments, Status, Return, Repeated)

GlobalMemoryStatusEx
Arguments: none logged
Status: 1  Return: 1  Repeated: 0

NtAllocateVirtualMemory
process_identifier: 2032
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0254b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

NtAllocateVirtualMemory
process_identifier: 2032
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0255f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1  Return: 0  Repeated: 0

Note: process_handle 0xffffffff is the GetCurrentProcess() pseudo-handle ((HANDLE)-1), so both calls commit a 4 KB page that is writable and executable inside the calling process itself (PID 2032); Status 1 means the hooked call succeeded and Return 0 is STATUS_SUCCESS. Committing RWX pages in the caller's own address space is the allocation step of an in-memory shellcode loader, which matches the Cobalt Strike / Rozena verdicts in the antivirus table below. The stack_dep_bypass, stack_pivoted and heap_dep_bypass fields are the sandbox's exploit heuristics for the call, not arguments passed by the sample. This summary shows no later memory write or thread-creation call, so the loader's remaining steps are not visible here.
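A practitioner reading the two NtAllocateVirtualMemory rows above usually wants the same check applied across a whole Cuckoo/ZeroBOX call log rather than by eye. The script below is an added example, not ZeroBOX's own code: it decodes the protection and allocation_type bitmasks, recognises the current-process pseudo-handle, and flags every successful RWX commit into the calling process. The JSON-lines layout of SAMPLE_LOG is an assumption for the example; the first three records are constructed from the rows in this report, and the fourth (a plain PAGE_READWRITE reserve at 0x02600000) is invented so the rule has something not to fire on.

```python
"""Flag self-process RWX memory commits in a Cuckoo/ZeroBOX-style API call log.

Added example, not ZeroBOX code. Field names mirror the report's rows; the
one-JSON-record-per-line layout of SAMPLE_LOG is an assumption.
"""
import json

# Windows constants as they appear (decimal) in the report: 64 and 4096.
PAGE_EXECUTE_READWRITE = 0x40
MEM_COMMIT = 0x1000
# GetCurrentProcess() pseudo-handle, (HANDLE)-1: 0xffffffff in a 32-bit
# process, all 64 bits set in a 64-bit one.
CURRENT_PROCESS_HANDLES = {0xFFFFFFFF, 0xFFFFFFFFFFFFFFFF}

PROTECTION_NAMES = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
    0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE",
}
ALLOCATION_NAMES = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x400000: "MEM_TOP_DOWN"}

# Constructed sample log: the three calls shown in the report plus one invented
# benign RW reserve, so the rule is seen to discriminate.
SAMPLE_LOG = """
{"api": "GlobalMemoryStatusEx", "arguments": {}, "status": 1, "return": 1}
{"api": "NtAllocateVirtualMemory", "arguments": {"process_identifier": 2032, "region_size": 4096, "protection": 64, "base_address": "0x0254b000", "allocation_type": 4096, "process_handle": "0xffffffff", "heap_dep_bypass": 1, "stack_pivoted": 0}, "status": 1, "return": 0}
{"api": "NtAllocateVirtualMemory", "arguments": {"process_identifier": 2032, "region_size": 4096, "protection": 64, "base_address": "0x0255f000", "allocation_type": 4096, "process_handle": "0xffffffff", "heap_dep_bypass": 1, "stack_pivoted": 0}, "status": 1, "return": 0}
{"api": "NtAllocateVirtualMemory", "arguments": {"process_identifier": 2032, "region_size": 65536, "protection": 4, "base_address": "0x02600000", "allocation_type": 8192, "process_handle": "0xffffffff"}, "status": 1, "return": 0}
"""


def as_int(value):
    """Accept the report's mixed encodings: ints, or hex/decimal strings."""
    if isinstance(value, int):
        return value
    return int(str(value), 0)


def decode_flags(value, names):
    """Expand a bitmask into symbolic names; unknown bits are kept as hex."""
    parts = [name for bit, name in names.items() if value & bit]
    leftover = value & ~sum(names)
    if leftover:
        parts.append(hex(leftover))
    return parts or ["0"]


def is_self_rwx_commit(call):
    """True for a successful NtAllocateVirtualMemory that commits RWX pages
    into the calling process itself (handle == GetCurrentProcess())."""
    if call.get("api") != "NtAllocateVirtualMemory" or call.get("status") != 1:
        return False
    args = call.get("arguments", {})
    return (
        as_int(args.get("process_handle", 0)) in CURRENT_PROCESS_HANDLES
        and (as_int(args.get("protection", 0)) & PAGE_EXECUTE_READWRITE) != 0
        and (as_int(args.get("allocation_type", 0)) & MEM_COMMIT) != 0
    )


def triage(log_text):
    """Return one finding per self-process RWX commit, in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        call = json.loads(line)
        if not is_self_rwx_commit(call):
            continue
        args = call["arguments"]
        findings.append({
            "pid": as_int(args["process_identifier"]),
            "base_address": args["base_address"],
            "region_size": as_int(args["region_size"]),
            "protection": decode_flags(as_int(args["protection"]), PROTECTION_NAMES),
            "allocation_type": decode_flags(as_int(args["allocation_type"]), ALLOCATION_NAMES),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"pid {f['pid']}: {f['region_size']} bytes at {f['base_address']} "
              f"{'|'.join(f['protection'])} {'|'.join(f['allocation_type'])}")
```

The rule deliberately keys on the pseudo-handle: an RWX commit into another process's handle is a different (remote injection) pattern and deserves its own rule, and a PAGE_READWRITE commit followed by NtProtectVirtualMemory to RX is a third one that this check does not cover. The heap_dep_bypass and stack_pivoted fields are the sandbox's own annotations and are ignored here.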
Antivirus results (vendor / detection name)

Cynet Malicious (score: 99)
CAT-QuickHeal Script.Trojan.Script.42926
Skyhigh BehavesLike.PS.Dropper.fn
ALYac Trojan.GenericKD.69757955
VIPRE Trojan.GenericKD.69757955
Sangfor Malware.Generic-PS.Save.d41b8e2c
Arcabit Trojan.Generic.D4286C03
VirIT Trojan.PS.Cobalt.QG
Symantec Backdoor.Cobalt
ESET-NOD32 Win32/Rozena.ACE
McAfee PS/Rozena.b
Avast PwrSh:Dropper-F [Trj]
ClamAV Win.Trojan.CobaltStrike-7917400-0
Kaspersky Trojan.PowerShell.Cobalt.a
BitDefender Trojan.GenericKD.69757955
NANO-Antivirus Trojan.Script.Rozena.haktke
MicroWorld-eScan Trojan.GenericKD.69757955
Rising Trojan.Injector/PS!1.D1D5 (CLASSIC)
Emsisoft Trojan.GenericKD.69757955 (B)
F-Secure Trojan.TR/Coblat.G1
DrWeb PowerShell.Inject.17
TrendMicro Trojan.PS1.COBEACON.SMYXAK-B
FireEye Trojan.GenericKD.69757955
Sophos ATK/Cobalt-CP
Ikarus Trojan.PS.Agent
Jiangmin Trojan.Cometer.om
Google Detected
Avira TR/Coblat.G1
MAX malware (ai score=81)
Microsoft TrojanDropper:PowerShell/Cobacis.B
ZoneAlarm Trojan.PowerShell.Cobalt.a
GData Trojan.GenericKD.69757955
Varist PSH/Agent.BO
AhnLab-V3 Trojan/PowerShell.CobaltStrike.S1463
Tencent Unk.Win32.Script.404610
huorong Trojan/PS.Rozena.b
Fortinet PowerShell/AvosLocker.SM!tr
AVG PwrSh:Dropper-F [Trj]