Summary | ZeroBOX

shell.exe

Metasploit Meterpreter Generic Malware PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Oct. 20, 2024, 9:09 a.m.
Completed Oct. 20, 2024, 9:19 a.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 95ce375ef761921a82f68524f8b4768a
SHA256 aec0badd335d944f548235810e80b9a67a2828f3715b5cb21bd642d77211875c
CRC32 F94D2E23
ssdeep 24:eFGStrJ9u0/6UZZRnZdEBQAV8aKq9K9qGeNDJSqUmZEWdXCIGDpmB:is0LZZhEBQpE9sSDoqUjWZCSB
Yara
  • Windows_Trojan_Metasploit_91bc5d7d - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • MALWARE_Win_MeterpreterStager - Detects Meterpreter stager payload
  • Generic_Malware_Zero - Generic Malware

Hosts (Name / Response / Post-Analysis Lookup): No hosts contacted.
IP addresses (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .ujdo
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x7706a404
shell+0x41cc @ 0x1400041cc
0x7fffffdb000
0x12fda8
shell+0x400a @ 0x14000400a
shell+0x41cc @ 0x1400041cc

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 697348
exception.address: 0x7706a404
registers.r14: 1245000
registers.r15: 0
registers.rcx: 0
registers.rsi: 1244864
registers.r10: 5368725964
registers.rbx: 1453503984
registers.rsp: 1244768
registers.r11: 582
registers.r8: 1244584
registers.r9: 5368725514
registers.rdx: 8796092870656
registers.r12: 1244576
registers.rbp: 5368725514
registers.rdi: 88
registers.rax: 1996923908
registers.r13: 1244584
Status: 1
Return: 0
Repeated: 0
dead_host 10.10.10.10:4443
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Metasploit.4!c
Cynet Malicious (score: 100)
CAT-QuickHeal HackTool.Metasploit.S9212471
ALYac Trojan.Metasploit.A
Cylance Unsafe
Sangfor HackTool.Win32.Reverse64_Bin_v2_5_through_v4_x.uwccg
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.Metasploit.A
K7GW Trojan ( 004fae881 )
K7AntiVirus Trojan ( 004fae881 )
Arcabit Trojan.Metasploit.A
VirIT Trojan.Win32.Generic.BZPS
Symantec Packed.Generic.539
Elastic Windows.Trojan.Metasploit
ESET-NOD32 a variant of Win64/Rozena.M
APEX Malicious
Avast Win32:MsfShell-V [Hack]
ClamAV Win.Trojan.MSShellcode-6
Kaspersky Trojan.Win64.Shelma.b
Alibaba Trojan:Win64/Shelma.f5f969af
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
MicroWorld-eScan Trojan.Metasploit.A
Rising Trojan.Kryptik/x64!1.A2F4 (CLASSIC)
Emsisoft Trojan.Metasploit.A (B)
F-Secure Trojan.TR/Crypt.XPACK.Gen7
DrWeb BackDoor.Shell.244
Zillya Trojan.Shelma.Win64.10933
TrendMicro Trojan.Win64.SHELMA.SMB1
McAfeeD Real Protect-LS!95CE375EF761
Trapmine malicious.high.ml.score
CTX exe.trojan.rozena
Sophos ATK/Meter-A
SentinelOne Static AI - Malicious PE
FireEye Generic.mg.95ce375ef761921a
Jiangmin Trojan/Agent.iigj
Webroot W32.Trojan.Gen
Google Detected
Avira TR/Crypt.XPACK.Gen7
Antiy-AVL GrayWare/Win32.Rozena.j
Kingsoft Win64.Trojan.Shelma.b
Gridinsoft Trojan.Win64.ShellCode.sd!s1
Microsoft Trojan:Win64/Meterpreter!pz
ZoneAlarm Trojan.Win64.Shelma.b
GData Win64.Trojan.Rozena.A
Varist W64/Rozena.IG
AhnLab-V3 Trojan/Win.Generic.R610915
Acronis suspicious
McAfee Trojan-FJIN!95CE375EF761
DeepInstinct MALICIOUS