Favorites
Tools
Dr.Zero Chatbot
Notifications
Guide 2020-06-10
Version history 2020-06-10

latestReport
11.05 04:11
VST32License.exe
11.05 03:11
VST32License.exe
11.03 01:11
DocTromTinNhan.exe
11.01 06:11
MPDW-constraints.vbs
11.01 06:11
87f3f2.exe
11.01 06:11
Client-built.exe
11.01 06:11
norm.exe
11.01 06:11
chrome_131.exe
11.01 06:11
kjrhjijawdkrjhh.exe
11.01 09:11
Calibre_Installer.exe

Latest News
11.05 01:11
메가존클라우드-파이오링크, 클라우드 보안...
11.05 01:11
프로페셔널 헤어케어 브랜드 레삐, ‘20...
11.05 01:11
Chinese Group Accused ...
11.05 01:11
25년 정보보호 전자공시시스템 고도화 및...
11.05 01:11
KISA, 민원 응대 보호시스템 전사 확대
11.05 01:11
아늑샵, 2024년 4분기 '한국소비자인...
11.05 01:11
크라운슬립, 프리미엄 구스 이불 론칭 기...
11.05 01:11
Google Warns of Active...
11.05 12:11
안랩, 2024년 3분기 매출 685억,...
11.05 12:11
Southeast Asia’s Digit...

Summary | ZeroBOX

a.hta

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 1, 2024, 9:49 a.m.	Nov. 1, 2024, 9:51 a.m.

Size	2.2KB
Type	HTML document, ASCII text, with CRLF line terminators
MD5	`9d17c4b02df4c09f0912771f0768ff44`
SHA256	`7ac2fc998131815c7796e3f6f308a5c194e8cb0f1ba7fb6cc04f167d0b867de8`
CRC32	`F4166CF0`
ssdeep	`48:WnvgO2S2IXDMjNsJWRGYjXPd50anePtpBk+P:gx/ojNsYgYL0oqVP`
Yara	None matched

mshta.exe "C:\Windows\System32\mshta.exe" C:\Users\test22\AppData\Local\Temp\a.hta
2552

Name	Response	Post-Analysis Lookup
newshostingsupdate.com		161.97.130.110
www.hyperwrite.com		216.158.90.138

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 1, 2024, 9:49 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (5 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 1, 2024, 9:49 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory Nov. 1, 2024, 9:49 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03880000 process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory Nov. 1, 2024, 9:49 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03880000 process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory Nov. 1, 2024, 9:49 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03880000 process_handle: 0xffffffff	1	0	0
NtProtectVirtualMemory Nov. 1, 2024, 9:49 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03880000 process_handle: 0xffffffff	1	0	0

File has been identified by 7 AntiVirus engines on VirusTotal as malicious (7 events)

Symantec	ISB.Downloader!gen60
Kaspersky	HEUR:Trojan.Script.Generic
F-Secure	Trojan-Downloader:JS/TeslaCrypt.C
Google	Detected
ZoneAlarm	HEUR:Trojan.Script.Generic
Varist	JS/Agent.SU!Eldorado
Yandex	HTML.Psyme.Gen

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 1, 2024, 9:49 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 16 (PAGE_EXECUTE) base_address: 0x03880000 process_handle: 0xffffffff	1	0	0

Disables proxy possibly for traffic interception (1 event)

Time & API	Arguments	Status	Return	Repeated
RegSetValueExA Nov. 1, 2024, 9:49 a.m.	key_handle: 0x00000334 regkey_r: ProxyEnable reg_type: 4 (REG_DWORD) value: 0 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable	1	0	0