Summary | ZeroBOX

svchost.dll

Tags: PE64, PE File, DLL

Category FILE
Machine s1_win7_x6401
Started Sept. 11, 2024, 10:08 a.m.
Completed Sept. 11, 2024, 10:14 a.m.
Size 10.0KB
Type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 758efd58932dd3199c315a51c4b103a7
SHA256 bf37d4e2861b9f32f706d231974955bdf502c18967c4529a03246d74b093adda
CRC32 86408E53
ssdeep 192:SjuHTLkz9Kyd1mhAurFdOUhq7G0gAxWw7hAljgF1pELV4y1Drlur+aR4YwVF++z4:SjuHTLScyd1mhAurFdOUhq7G09xWw7hx
Yara
  • PE_Header_Zero - PE File Signature
  • IsDLL - (no description)
  • IsPE64 - (no description)

Domains (Name / Response / Post-Analysis Lookup)

No hosts contacted.

IP Addresses (IP Address / Status)

93.113.171.225 Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

GetComputerNameA
  computer_name: TEST22-PC
  Status 1, Return 1, Repeated 0

IsDebuggerPresent
  (no arguments)
  Status / Return / Repeated columns as exported: 0 0

suspicious_features: GET method with no useragent header, Connection to IP address
suspicious_request: GET http://93.113.171.225/service
request: GET http://93.113.171.225/service
NtProtectVirtualMemory
  process_identifier: 2704
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 0
  length: 4096
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x000000007304c000
  process_handle: 0xffffffffffffffff
  Status 1, Return 0, Repeated 0

NtProtectVirtualMemory
  process_identifier: 2704
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 311296
  protection: 64 (PAGE_EXECUTE_READWRITE)
  base_address: 0x00000000028b0000
  process_handle: 0xffffffffffffffff
  Status 1, Return 0, Repeated 0

cmdline "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\svchost.dll,debug
NtProtectVirtualMemory
  process_identifier: 2704
  stack_dep_bypass: 0
  stack_pivoted: 0
  heap_dep_bypass: 1
  length: 200704
  protection: 32 (PAGE_EXECUTE_READ)
  base_address: 0x0000000002b10000
  process_handle: 0xffffffffffffffff
  Status 1, Return 0, Repeated 0

host 93.113.171.225
process rundll32.exe, useragent (empty)
process rundll32.exe, useragent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts; IE0006_ver1;EN_GB)
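The trace above has the three pieces an analyst uses to call this an in-memory loader with a beacon: a 311296-byte region flipped to PAGE_EXECUTE_READWRITE (0x40) with the sandbox's heap_dep_bypass flag set, a second 200704-byte region then set to PAGE_EXECUTE_READ (0x20), a GET to a bare IP with no User-Agent followed by the same URL with a hard-coded IE 9 User-Agent, and rundll32 loading a DLL named svchost.dll out of %TEMP% by a named export. The following is an added triage script, not ZeroBOX code: the record layout, field names and scoring are assumptions modelled on the flattened report, and the sample records are constructed from the values shown on this page. It also flags two things the report does not call out by name (the User-Agent changing between requests to one URL, and a system-binary name loaded from a user-writable path).

```python
"""Triage a sandbox API/HTTP trace for in-memory loader plus beacon behaviour.

Added example for this report, not ZeroBOX code. The record layout and field
names are assumptions modelled on the flattened report; the sample records
are constructed from the values the report shows.
"""
import re
from urllib.parse import urlparse

PAGE_EXECUTE_READ = 0x20        # documented Win32 memory-protection constants
PAGE_EXECUTE_READWRITE = 0x40
MIN_PAYLOAD_BYTES = 64 * 1024   # small RWX flips (JIT stubs, hooks) are common in benign code

# Constructed records mirroring the API calls, requests and cmdline in the report.
API_CALLS = [
    {"api": "GetComputerNameA", "computer_name": "TEST22-PC"},
    {"api": "IsDebuggerPresent"},
    {"api": "NtProtectVirtualMemory", "base_address": 0x7304C000, "length": 4096,
     "protection": 0x40, "heap_dep_bypass": 0},
    {"api": "NtProtectVirtualMemory", "base_address": 0x028B0000, "length": 311296,
     "protection": 0x40, "heap_dep_bypass": 1},
    {"api": "NtProtectVirtualMemory", "base_address": 0x02B10000, "length": 200704,
     "protection": 0x20, "heap_dep_bypass": 1},
]
HTTP_REQUESTS = [
    {"method": "GET", "url": "http://93.113.171.225/service", "user_agent": ""},
    {"method": "GET", "url": "http://93.113.171.225/service",
     "user_agent": "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; "
                   "FunWebProducts; IE0006_ver1;EN_GB)"},
]
CMDLINE = (r'"C:\Windows\System32\rundll32.exe" '
           r'C:\Users\test22\AppData\Local\Temp\svchost.dll,debug')

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
RUNDLL = re.compile(r'rundll32\.exe"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp|ProgramData|Public)\\", re.I)
SYSTEM_BINARY_STEMS = {"svchost", "lsass", "csrss", "services", "winlogon", "explorer"}


def memory_findings(calls):
    """Flag the decode-then-execute shape: a large region made RWX with the
    sandbox's heap_dep_bypass flag set, followed by a different large region
    set to execute-only (a decoded payload being made runnable)."""
    findings, rwx_bases = [], set()
    for c in calls:
        if c["api"] != "NtProtectVirtualMemory" or c["length"] < MIN_PAYLOAD_BYTES:
            continue
        if c["protection"] == PAGE_EXECUTE_READWRITE and c.get("heap_dep_bypass") == 1:
            rwx_bases.add(c["base_address"])
            findings.append(f"rwx_heap:{c['base_address']:#x}:{c['length']}")
        elif (c["protection"] == PAGE_EXECUTE_READ and rwx_bases
              and c["base_address"] not in rwx_bases):
            findings.append(f"staged_exec:{c['base_address']:#x}:{c['length']}")
    return findings


def http_findings(requests):
    """Beacon-like request hygiene: bare-IP host, missing User-Agent, and a
    User-Agent that changes between requests to the same URL."""
    findings, last_ua = [], {}
    for r in requests:
        host = urlparse(r["url"]).hostname or ""
        if IPV4.match(host):
            findings.append(f"ip_literal_host:{host}")
        if not r["user_agent"]:
            findings.append(f"no_user_agent:{r['url']}")
        if r["url"] in last_ua and last_ua[r["url"]] != r["user_agent"]:
            findings.append(f"user_agent_changed:{r['url']}")
        last_ua[r["url"]] = r["user_agent"]
    return list(dict.fromkeys(findings))  # dedupe, keep first-seen order


def process_findings(cmdline):
    """rundll32 launch hygiene: the export invoked (context only), a DLL in a
    user-writable path, and a DLL named after a system binary but loaded
    from outside System32."""
    m = RUNDLL.search(cmdline)
    if not m:
        return []
    dll, export = m.group("dll").strip(), m.group("export")
    findings = [f"rundll32_export:{export}"]
    if USER_WRITABLE.search(dll):
        findings.append(f"user_writable_dll:{dll}")
    stem = dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if stem in SYSTEM_BINARY_STEMS and not dll.lower().startswith("c:\\windows\\system32\\"):
        findings.append(f"system_name_masquerade:{stem}")
    return findings


def triage(calls=API_CALLS, requests=HTTP_REQUESTS, cmdline=CMDLINE):
    """Combine the three views. Either stage alone is common in benign software
    (packers, updaters), so the strong verdict needs both unpack and beacon."""
    findings = memory_findings(calls) + http_findings(requests) + process_findings(cmdline)
    unpacked = any(f.startswith("staged_exec:") for f in findings)
    beacon = any(f.startswith(("no_user_agent:", "ip_literal_host:")) for f in findings)
    notable = [f for f in findings if not f.startswith("rundll32_export:")]
    if unpacked and beacon:
        verdict = "loader_with_beacon"
    elif notable:
        verdict = "suspicious"
    else:
        verdict = "no_finding"
    return {"verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for line in [triage()["verdict"]] + triage()["findings"]:
        print(line)
```

The 4096-byte RWX flip at 0x7304c000 is deliberately ignored by the size threshold; it is inside a loaded module's range and small enough to be a hook or a relocation fix-up, and counting it would make the rule fire on plenty of legitimate software. The verdict logic only escalates when the unpack stage and the beacon-shaped request both appear, which is the combination the detection names in the antivirus table below are keyed on.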
Antivirus (Vendor / Detection)

Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Cobalt Strike.4!c
Cynet Malicious (score: 100)
Sangfor Trojan.Win32.Agent.Vdte
Elastic malicious (moderate confidence)
APEX Malicious
Avast Win64:Evo-gen [Trj]
Kaspersky Trojan.Win32.Cobalt.uft
Rising Trojan.Cobalt!8.C4EF (CLOUD)
F-Secure Heuristic.HEUR/AGEN.1301964
McAfeeD ti!BF37D4E2861B
FireEye Generic.mg.758efd58932dd319
Avira HEUR/AGEN.1301964
Kingsoft Win32.Trojan.Cobalt.uft
ZoneAlarm Trojan.Win32.Cobalt.uft
GData Win64.Trojan.Agent.QMRUFF
McAfee Artemis!758EFD58932D
DeepInstinct MALICIOUS
Tencent Win32.Trojan.Cobalt.Ssmw
Fortinet W32/PossibleThreat
AVG Win64:Evo-gen [Trj]
Paloalto generic.ml
alibabacloud Trojan:Win/Cobalt.upl