Summary | ZeroBOX

evil.hta

PE File
Category: FILE
Machine: s1_win7_x6403_us
Started: Oct. 24, 2024, 10:58 a.m.
Completed: Oct. 24, 2024, 11:07 a.m.
Size 430.8KB
Type HTML document, ASCII text, with very long lines
MD5 bbef4076e21551ff83395d537239ab87
SHA256 c57f7ed4d9373c96cd228884c535a545c388d6edee4fae49afb7763c69450281
CRC32 A32A7F62
ssdeep 6144:psaVtjmheesUL+x2MreII4DMImzHvye1f:uaVtjmheesUL226JI43K
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

status: 1, return: 1, repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce0000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce0000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce0000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce0000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce0000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce0000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce0000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce1000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce1000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce1000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce2000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce2000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce2000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce2000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x03ce2000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0

file C:\Users\test22\AppData\Local\Temp\rad903C3.tmp\evil.exe
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 1208
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 16 (PAGE_EXECUTE)
base_address: 0x03ce0000
process_handle: 0xffffffff
status: 1, return: 0, repeated: 0
CTX txt.unknown.heur2
CAT-QuickHeal Script.Trojan.46253
Skyhigh BehavesLike.HTML.Dropper.gx
VIPRE GT:VB.Heur2.CVE-2018-8174.3.9E563995
Arcabit GT:VB.Heur2.CVE-2018-8174.3.9E563995
Baidu VBS.Trojan-Dropper.Agent.a
Symantec VBS.Heur.SNIC
ESET-NOD32 VBS/TrojanDropper.Agent.NNB
TrendMicro-HouseCall Trojan.VBS.COBEACON.SM
Avast VBS:Downloader-YO [Trj]
Kaspersky HEUR:Trojan-Dropper.Script.Generic
BitDefender GT:VB.Heur2.CVE-2018-8174.3.9E563995
NANO-Antivirus Trojan.Script.TrjGen.ebogzi
MicroWorld-eScan GT:VB.Heur2.CVE-2018-8174.3.9E563995
Rising Dropper.Agent!8.2F (TOPIS:E0:TyLkoyrXauN)
Emsisoft GT:VB.Heur2.CVE-2018-8174.3.9E563995 (B)
DrWeb VBS.Siggen.7605
Zillya Dropper.Inor.VBS.1
TrendMicro Trojan.VBS.COBEACON.SM
Sophos Troj/Inor-Fam
Ikarus Trojan.Win32.Veilev
FireEye GT:VB.Heur2.CVE-2018-8174.3.9E563995
Jiangmin TrojanDropper.Script.ap
Google Detected
Kingsoft Script.Ks.Malware.16971
Xcitium TrojWare.VBS.TrojanDropper.Agent.NBY@7nkapq
GData GT:VB.Heur2.CVE-2018-8174.3.9E563995
Varist VBS/Agent.TH
McAfee VBS/Dropper.z
huorong TrojanDropper/VBS.Agent.g
Fortinet VBS/Dropper.SVC!tr
AVG VBS:Downloader-YO [Trj]