popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

cmd.exe

Malicious Library PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6401 Sept. 17, 2024, 1:30 p.m. Sept. 17, 2024, 1:39 p.m.
Size 321.0KB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 567381ee89c758794e9c619262885899
SHA256 8b3f9e03355126225924ed8112b7916e0dddc260dee74c4fb72b02f6ea76bb58
CRC32 4BB3572E
ssdeep 6144:sIwCP2l6T3Sxa3Kv/iSFA3OsRlPno0xwCQQr61CGcHKN32jdVG5UrrSD:Qbu3oDiSubFwCQQjdVear
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
113.125.25.119 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2636
region_size: 360448
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000750000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0
description cmd.exe tried to sleep 171 seconds, actually delayed analysis time by 171 seconds
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2636
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 307200
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x0000000000460000
process_handle: 0xffffffffffffffff
1 0 0
section {u'size_of_data': u'0x0004be00', u'virtual_address': u'0x00004000', u'entropy': 7.249796272079916, u'name': u'.data', u'virtual_size': u'0x0004bcf0'} entropy 7.24979627208 description A section with a high entropy has been found
entropy 0.9484375 description Overall entropy of this PE file is high
host 113.125.25.119
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.CobaltStrike.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Cometer
Skyhigh BehavesLike.Win64.Backdoor.fc
ALYac Dump:Generic.Beacon.Marte.B.CB08C202
Cylance Unsafe
VIPRE Dump:Generic.Beacon.Marte.B.CB08C202
Sangfor Trojan.Win32.CobaltStrike
CrowdStrike win/malicious_confidence_100% (D)
BitDefender Dump:Generic.Beacon.Marte.B.CB08C202
K7GW Trojan ( 0058fadf1 )
K7AntiVirus Trojan ( 0058fadf1 )
Arcabit Dump:Generic.Beacon.Marte.B.CB08C202
VirIT Trojan.Win64.CobalStrike
Symantec Backdoor.Cobalt
Elastic Windows.Trojan.CobaltStrike
ESET-NOD32 a variant of Win64/CobaltStrike.Artifact.A
APEX Malicious
Avast Win64:Evo-gen [Trj]
ClamAV Win.Trojan.CobaltStrike-9044898-1
Kaspersky HEUR:Trojan.Win32.Cometer.gen
Alibaba Backdoor:Win64/Cometer.7424e2a8
MicroWorld-eScan Dump:Generic.Beacon.Marte.B.CB08C202
Rising Backdoor.CobaltStrike/x64!1.E382 (CLASSIC)
Emsisoft Dump:Generic.Beacon.Marte.B.CB08C202 (B)
F-Secure Heuristic.HEUR/AGEN.1344321
DrWeb BackDoor.Meterpreter.157
TrendMicro Backdoor.Win64.COBEACON.SMA
McAfeeD ti!8B3F9E033551
CTX exe.trojan.cobaltstrike
Sophos ATK/Cobalt-A
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.567381ee89c75879
Jiangmin Trojan.CobaltStrike.qz
Webroot W32.Trojan.Gen
Google Detected
Avira HEUR/AGEN.1344321
Antiy-AVL Trojan/Win64.Kryptik
Kingsoft Win32.Trojan.Cometer.gen
Gridinsoft Trojan.Win64.Kryptik.oa!s1
Microsoft Backdoor:Win64/CobaltStrike.NP!dha
ViRobot Trojan.Win.Z.Cobaltstrike.328704.KJ
ZoneAlarm HEUR:Trojan.Win32.Cometer.gen
GData Dump:Generic.Beacon.Marte.B.CB08C202
Varist W64/Cobalt.M.gen!Eldorado
AhnLab-V3 Backdoor/Win.COBEACON.R611870
McAfee Trojan-FWTM!567381EE89C7
TACHYON Trojan/W64.CobaltStrike.328704
DeepInstinct MALICIOUS
dead_host 192.168.56.101:49162
dead_host 192.168.56.101:49164
dead_host 113.125.25.119:18996