Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 17, 2024, 1:26 p.m.	Sept. 17, 2024, 1:30 p.m.

Size	271.3KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`3eee1ec7c33c0101a5dcfe2656d26b3c`
SHA256	`52816435236c6f6731a21b1bc29dbc1cde978a72630d08a6b2bfb06c088c8a73`
CRC32	`8DB4D5E8`
ssdeep	`6144:g70WS45KS6ma1EYqg3PKne8C+lmOtWjoO/Vt9Lq:GuKtCOPayekPIn/vY`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

s.exe "C:\Users\test22\AppData\Local\Temp\s.exe"
2564
- calc.exe calc.exe
  2636

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 17, 2024, 1:26 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Sept. 17, 2024, 1:26 p.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1	0	0

File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Marte.4!c
Cynet	Malicious (score: 100)
ALYac	Generic.ShellCode.Marte.H.5704EE48
Cylance	Unsafe
VIPRE	Generic.ShellCode.Marte.H.5704EE48
Sangfor	Trojan.Win32.Rozena.V7zi
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Generic.ShellCode.Marte.H.5704EE48
K7GW	Trojan ( 0059b1e41 )
K7AntiVirus	Trojan ( 0059b1e41 )
Symantec	Meterpreter
Elastic	Windows.Trojan.Metasploit
ESET-NOD32	a variant of Win32/Rozena.BNO
APEX	Malicious
Avast	Win32:MsfShell-K [Trj]
ClamAV	Win.Trojan.MSShellcode-7
Kaspersky	HEUR:Trojan.Win32.Generic
Alibaba	Trojan:Win32/Meterpreter.70a8a0b0
MicroWorld-eScan	Generic.ShellCode.Marte.H.5704EE48
Rising	Trojan.Rozena!8.6D (CLOUD)
Emsisoft	Generic.ShellCode.Marte.H.5704EE48 (B)
F-Secure	Trojan.TR/Rozena.giyjb
Zillya	Trojan.Rozena.Win32.226530
TrendMicro	TROJ_GEN.R002C0DH624
McAfeeD	ti!52816435236C
CTX	exe.trojan.rozena
Sophos	Mal/Generic-S
FireEye	Generic.mg.3eee1ec7c33c0101
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/Rozena.giyjb
Antiy-AVL	Trojan/Win32.Meterpreter
Kingsoft	malware.kb.a.898
Gridinsoft	Trojan.Win32.Rozena.sa
Xcitium	Malware@#3gvogn30a9cw0
Arcabit	Generic.ShellCode.Marte.H.5704EE48
ViRobot	Trojan.Win.Z.Rozena.277826
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Trojan:Win32/Meterpreter.O
Varist	W32/Rozena.FU.gen!Eldorado
AhnLab-V3	Trojan/Win.TrojanX-gen.R525815
DeepInstinct	MALICIOUS
Malwarebytes	Rozena.Trojan.Shell.DDS
Ikarus	Trojan.Win32.Rozena
Panda	Trj/GdSda.A
TrendMicro-HouseCall	TROJ_GEN.R002C0DH624
Tencent	Malware.Win32.Gencirc.11c51be5
huorong	Backdoor/Meterpreter.e
AVG	Win32:MsfShell-K [Trj]

s.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All