popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Journal.exe

Malicious Library PE64 PE File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Sept. 23, 2024, 10:50 a.m. Sept. 23, 2024, 11:06 a.m.
Size 321.0KB
Type PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5 59fc81032d61afec30ba06c776f7f3cd
SHA256 37bdec28067c098d357d9ffb8788813b4ff8ebeeb1132f2a6db109e57ead1896
CRC32 8FB67787
ssdeep 6144:JZSnCSRkIaRrw8rfCM3uwAT+Ny1YkEjKsPNmWRRQ42sl6a3XrNHQnMF98nmRgeVw:XZS2frXTb3gT+gYhjKsPNmWHQ4PVrNHO
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
89.197.154.116 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49164 -> 89.197.154.116:7810 2260000 SURICATA Applayer Mismatch protocol both directions Generic Protocol Command Decode
TCP 192.168.56.103:49164 -> 89.197.154.116:7810 2033713 ET MALWARE Cobalt Strike Beacon Observed Targeted Malicious Activity was Detected

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameA

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 524
region_size: 360448
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000960000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0
description Journal.exe tried to sleep 171 seconds, actually delayed analysis time by 171 seconds
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 524
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 307200
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x00000000006c0000
process_handle: 0xffffffffffffffff
1 0 0
section {u'size_of_data': u'0x0004be00', u'virtual_address': u'0x00004000', u'entropy': 7.259969715819752, u'name': u'.data', u'virtual_size': u'0x0004bcf0'} entropy 7.25996971582 description A section with a high entropy has been found
entropy 0.9484375 description Overall entropy of this PE file is high
host 89.197.154.116
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.CobaltStrike.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.Win64
Skyhigh BehavesLike.Win64.Trojan.fc
ALYac Dump:Generic.Beacon.Marte.B.935A2E7B
Cylance Unsafe
VIPRE Dump:Generic.Beacon.Marte.B.935A2E7B
Sangfor Trojan.Win32.CobaltStrike
CrowdStrike win/malicious_confidence_100% (D)
BitDefender Dump:Generic.Beacon.Marte.B.935A2E7B
K7GW Trojan ( 0058fadf1 )
K7AntiVirus Trojan ( 0058fadf1 )
Arcabit Dump:Generic.Beacon.Marte.B.935A2E7B
VirIT Trojan.Win64.CobalStrike
Symantec Backdoor.Cobalt
Elastic Windows.Trojan.CobaltStrike
ESET-NOD32 a variant of Win64/CobaltStrike.Artifact.A
APEX Malicious
Avast Win64:Evo-gen [Trj]
ClamAV Win.Trojan.CobaltStrike-9044898-1
Kaspersky HEUR:Trojan.Win64.CobaltStrike.gen
Alibaba Backdoor:Win64/Artifact.070a71fd
NANO-Antivirus Trojan.Win64.Cometer.krzpia
MicroWorld-eScan Dump:Generic.Beacon.Marte.B.935A2E7B
Rising Backdoor.CobaltStrike/x64!1.E382 (CLASSIC)
Emsisoft Dump:Generic.Beacon.Marte.B.935A2E7B (B)
F-Secure Heuristic.HEUR/AGEN.1344321
DrWeb BackDoor.Meterpreter.157
TrendMicro Backdoor.Win64.COBEACON.SMA
McAfeeD ti!37BDEC28067C
CTX exe.trojan.cobaltstrike
Sophos ATK/Cobalt-A
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.59fc81032d61afec
Jiangmin Trojan.CobaltStrike.qz
Webroot W32.Trojan.Gen
Google Detected
Avira HEUR/AGEN.1344321
Antiy-AVL Trojan/Win64.Kryptik
Kingsoft Win64.Trojan.CobaltStrike.gen
Gridinsoft Trojan.Win64.Kryptik.oa!s1
Xcitium Malware@#3qgm632ue3hdj
Microsoft Backdoor:Win64/CobaltStrike.NP!dha
ZoneAlarm HEUR:Trojan.Win32.Cometer.gen
GData Dump:Generic.Beacon.Marte.B.935A2E7B
Varist W64/Cobalt.M.gen!Eldorado
AhnLab-V3 Backdoor/Win.COBEACON.R611870
McAfee Trojan-FWTM!59FC81032D61
TACHYON Trojan/W64.CobaltStrike.328704