Summary | ZeroBOX

reverse_shell.exe

Tags: Metasploit, Meterpreter, Generic Malware, PE64, PE File

Category FILE
Machine s1_win7_x6403_us
Started Sept. 17, 2024, 1:35 p.m.
Completed Sept. 17, 2024, 1:39 p.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 85ed77502f23915be5152b48bf4160e1
SHA256 5f650b5027bb66675baee0b14c9fa844f6c19a5e26015a7c5a2f3afd82428689
CRC32 006499EA
ssdeep 24:eFGStrJ9u0/638uRnZdEBQAV8aKq9K9qOeNDJSqUmZEWdXCIGDpmB:is0w8uhEBQpE9kSDoqUjWZCSB
Yara
  • Windows_Trojan_Metasploit_91bc5d7d - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • MALWARE_Win_MeterpreterStager - Detects Meterpreter stager payload
  • Generic_Malware_Zero - Generic Malware

DNS (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP addresses (IP Address / Status)
211.196.223.62 Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .hesi
Behavior (Time & API / Arguments / Status / Return / Repeated)

__exception__ (status 1, return 0, repeated 0)

stacktrace:
  EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x7706a404
  reverse_shell+0x41cc @ 0x1400041cc
  0x7fffffdf000
  0x12fda8
  reverse_shell+0x400a @ 0x14000400a
  reverse_shell+0x41cc @ 0x1400041cc

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65 (ASCII "NTDLL.RtlExitUse")
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp (disassembly of the first bytes 4e 54 only; see note below)
exception.module: kernel32.dll
exception.exception_code: 0xc0000005 (access violation)
exception.offset: 697348 (0xaa404)
exception.address: 0x7706a404

registers (decimal as logged, hex added):
registers.r14: 1245000 (0x12ff48)
registers.r15: 0
registers.rcx: 0
registers.rsi: 1244864 (0x12fec0)
registers.r10: 5368725964 (0x1400041cc)
registers.rbx: 1453503984 (0x56a2b5f0)
registers.rsp: 1244768 (0x12fe60)
registers.r11: 582 (0x246)
registers.r8: 1244584 (0x12fda8)
registers.r9: 5368725514 (0x14000400a)
registers.rdx: 8796092887040 (0x7fffffdf000)
registers.r12: 1244576 (0x12fda0)
registers.rbp: 5368725514 (0x14000400a)
registers.rdi: 88 (0x58)
registers.rax: 1996923908 (0x7706a404)
registers.r13: 1244584 (0x12fda8)

Reading of the fault: the access violation is raised with RIP at 0x7706a404 (kernel32.dll RVA 0xaa404) directly after a transfer of control from reverse_shell+0x41cc, whose return address is on the stack and in r10. The sixteen bytes at the faulting address are printable ASCII, "NTDLL.RtlExitUse", i.e. the beginning of a kernel32 export-forwarder string, not code; the "push rsp" is only the disassembler's reading of the bytes 4e 54 ('N', 'T'). The register state matches the tail of Metasploit's x64 block_api resolver, which ends in `jmp rax` with the caller's return address restored into r10 and is kept in rbp by the stager (here reverse_shell+0x400a) and invoked with `call rbp`: rax holds the faulting address, rbx holds 0x56a2b5f0, the block_api hash of kernel32.dll!ExitProcess, and rcx is 0, the exit-code argument. The symbol offsets are consistent with consecutive forwarder strings "NTDLL.RtlEnterCriticalSection" (30 bytes with its NUL, hence EnterCriticalSection+0x1e) and "NTDLL.RtlExitUserProcess" (25 bytes with its NUL, hence ExitThread-0x19). The picture is therefore that the payload gave up on the unreachable listener 211.196.223.62:4445 and called ExitProcess(0), the export-table walk returned the forwarded export's string address instead of a code address, and the jump into non-executable data faulted on the first instruction fetch. For triage this means the sample crashes rather than exiting cleanly, and nothing beyond the connection attempt executed in this run.
host 211.196.223.62
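The checks behind the reading above, as an added example rather than part of the ZeroBOX output: it converts the decimal register dump to hex, implements Metasploit's ROR-13 block_api hash to identify the value in rbx, compares the dump with the resolver's `jmp rax` state, tests whether the bytes at the fault address are string data, and checks the forwarder-string hypothesis against the 0x1e/0x19 symbol offsets. Assumptions not taken from the report: the image base 0x140000000 (the PE32+ default, consistent with reverse_shell+0x41cc @ 0x1400041cc) and the three forwarder-string names, which are a hypothesis derived from the offsets.

```python
"""Triage of the __exception__ record above (added example, not sandbox output).

Assumptions: Metasploit's ROR-13 block_api hash scheme; PE32+ default image
base 0x140000000; the forwarder-string names are a hypothesis.
"""

# Register dump copied from the record above (decimal, as the sandbox logged it).
REGISTERS = {
    "rax": 1996923908, "rbx": 1453503984, "rcx": 0, "rdx": 8796092887040,
    "rsi": 1244864, "rdi": 88, "rbp": 5368725514, "rsp": 1244768,
    "r8": 1244584, "r9": 5368725514, "r10": 5368725964, "r11": 582,
    "r12": 1244576, "r13": 1244584, "r14": 1245000, "r15": 0,
}
EXCEPTION_ADDRESS = 0x7706A404                      # exception.address
INSTRUCTION_BYTES = bytes.fromhex(                  # exception.instruction_r
    "4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65")
IMAGE_BASE = 0x140000000                            # assumption: PE32+ default base


def ror32(value: int, bits: int = 13) -> int:
    """Rotate a 32-bit value right by `bits`."""
    value &= 0xFFFFFFFF
    return ((value >> bits) | (value << (32 - bits))) & 0xFFFFFFFF


def api_hash(module: str, function: str) -> int:
    """Metasploit block_api hash: ROR-13 accumulation over the upper-cased
    UTF-16LE module name (terminating NUL included) plus ROR-13 accumulation
    over the ASCII function name (terminating NUL included), summed mod 2^32."""
    h_mod = 0
    for byte in (module.upper() + "\x00").encode("utf-16-le"):
        h_mod = (ror32(h_mod) + byte) & 0xFFFFFFFF
    h_fn = 0
    for byte in (function + "\x00").encode("ascii"):
        h_fn = (ror32(h_fn) + byte) & 0xFFFFFFFF
    return (h_mod + h_fn) & 0xFFFFFFFF


# Exit-path APIs a stager may resolve; their hashes are computed, not hard-coded.
EXIT_APIS = [("kernel32.dll", "ExitProcess"), ("kernel32.dll", "ExitThread"),
             ("ntdll.dll", "RtlExitUserThread")]


def identify_hash(value: int):
    """Map a 32-bit register value back to module!function, or None."""
    for module, function in EXIT_APIS:
        if api_hash(module, function) == (value & 0xFFFFFFFF):
            return f"{module}!{function}"
    return None


def hex_registers(regs: dict) -> dict:
    """Decimal register dump -> lowercase hex strings."""
    return {name: f"0x{val:x}" for name, val in regs.items()}


def classify_bytes(raw: bytes):
    """Return (text, all_printable). Printable ASCII at the faulting RIP is the
    tell-tale of a jump onto an export-forwarder string."""
    printable = all(0x20 <= b < 0x7F for b in raw)
    return raw.decode("ascii", errors="replace"), printable


def resolver_state(regs: dict, fault: int, image_base: int) -> dict:
    """Compare the dump with the end of Metasploit's x64 block_api: `jmp rax`
    with the return address restored into r10, block_api kept in rbp."""
    return {
        "rax_is_fault_address": regs["rax"] == fault,
        "return_rva": regs["r10"] - image_base,     # caller inside reverse_shell
        "api_call_rva": regs["rbp"] - image_base,   # block_api inside reverse_shell
        "rbx_hash": identify_hash(regs["rbx"]),
        "exit_code_rcx": regs["rcx"],
    }


def forwarder_layout(names):
    """Offsets of back-to-back NUL-terminated forwarder strings from the first."""
    offsets, pos = [], 0
    for name in names:
        offsets.append((name, pos))
        pos += len(name) + 1
    return offsets


# Hypothesis: these three forwarded exports have their strings stored
# consecutively, so "EnterCriticalSection+0x1e ExitThread-0x19" pins the fault
# to the middle string.
FORWARDERS = ["NTDLL.RtlEnterCriticalSection", "NTDLL.RtlExitUserProcess",
              "NTDLL.RtlExitUserThread"]


if __name__ == "__main__":
    print(hex_registers(REGISTERS))
    print(classify_bytes(INSTRUCTION_BYTES))
    print(resolver_state(REGISTERS, EXCEPTION_ADDRESS, IMAGE_BASE))
    print(forwarder_layout(FORWARDERS))
```

Run it as a script to print the four views; `identify_hash` resolves rbx to kernel32.dll!ExitProcess because `api_hash` reproduces the well-known constant 0x56a2b5f0, and `forwarder_layout` yields a 0x1e gap before and a 0x19 gap after the middle string, exactly the offsets in exception.symbol.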
Antivirus (vendor / detection)

Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Metasploit.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal HackTool.Metasploit.S9212471
Skyhigh BehavesLike.Win64.Infected.zz
ALYac Trojan.Metasploit.A
Cylance Unsafe
VIPRE Trojan.Metasploit.A
Sangfor HackTool.Win32.Reverse64_Bin_v2_5_through_v4_x.uwccg
CrowdStrike win/malicious_confidence_100% (D)
BitDefender Trojan.Metasploit.A
K7GW Trojan ( 004fae881 )
K7AntiVirus Trojan ( 004fae881 )
Arcabit Trojan.Metasploit.A
Symantec Packed.Generic.539
Elastic Windows.Trojan.Metasploit
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
Avast Win32:MsfShell-V [Hack]
ClamAV Win.Trojan.MSShellcode-6
Kaspersky Trojan.Win64.Shelma.b
Alibaba Trojan:Win64/Shelma.3f6f4e27
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
MicroWorld-eScan Trojan.Metasploit.A
Rising Trojan.Kryptik/x64!1.A2F4 (CLASSIC)
Emsisoft Trojan.Metasploit.A (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen7
DrWeb BackDoor.Shell.244
TrendMicro Trojan.Win64.SHELMA.SMB1
McAfeeD Real Protect-LS!85ED77502F23
Trapmine malicious.high.ml.score
CTX exe.trojan.rozena
Sophos ATK/Meter-A
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.85ed77502f23915b
Jiangmin Trojan/Agent.iigj
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Crypt.XPACK.Gen7
Antiy-AVL GrayWare/Win32.Rozena.j
Kingsoft Win64.Trojan.Shelma.b
Gridinsoft Trojan.Win64.ShellCode.sd!s1
Xcitium Malware@#10thutx6dagc1
Microsoft Trojan:Win64/Meterpreter!pz
ViRobot Trojan.Win.Z.Rozena.7168.QJJ
ZoneAlarm Trojan.Win64.Shelma.b
GData Win64.Trojan.Rozena.A
Varist W64/Rozena.IG
AhnLab-V3 Trojan/Win.Generic.R610915
Acronis suspicious
Dead hosts (connection attempts that received no reply; 192.168.56.103 is the analysis guest's own address, 49161 its ephemeral source port)

dead_host 211.196.223.62:4445
dead_host 192.168.56.103:49161