Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 18, 2024, 9:30 a.m.	Nov. 18, 2024, 9:35 a.m.

Size	214.9KB
Type	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	`c65d43d62825d0941597622cc3a484ac`
SHA256	`632cc311aec3726d9f6bbb89e119c0222274cc6b3837dbd0c642ce609cd056b9`
CRC32	`05E2B426`
ssdeep	`3072:OYzGetsrklMyXwF/ChT6RtnBpKn418PWZ8m1Xz2Q+humtE/IGRIqBL:aeqYxIQ6RtnAYBL`
Yara	IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\windows_update.dll,reverse_shell
2544
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\windows_update.dll,reverse_shell
  2688
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\windows_update.dll,
2628

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
90.90.10.10	Active	Moloch

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 18, 2024, 9:31 a.m.			0	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 18, 2024, 9:31 a.m.	process_identifier: 2688 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1	0	0

host

90.90.10.10

dead_host

90.90.10.10:1337

Bkav	W64.AIDetectMalware
Cynet	Malicious (score: 99)
ALYac	Trojan.GenericKD.74837742
Cylance	Unsafe
VIPRE	Trojan.GenericKD.74837742
BitDefender	Trojan.GenericKD.74836102
K7GW	Trojan ( 005b52af1 )
K7AntiVirus	Trojan ( 005b52af1 )
Arcabit	Trojan.Generic.D475E886
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/ReverseShell.FQ
Avast	Win64:MalwareX-gen [Trj]
MicroWorld-eScan	Trojan.GenericKD.74836102
Rising	Trojan.ReverseShell!8.5EA1 (CLOUD)
Emsisoft	Trojan.GenericKD.74836102 (B)
F-Secure	Trojan.TR/Redcap.ixiwg
McAfeeD	ti!632CC311AEC3
CTX	dll.trojan.reverseshell
Sophos	Generic Reputation PUA (PUA)
FireEye	Trojan.GenericKD.74836102
Google	Detected
Avira	TR/Redcap.ixiwg
Antiy-AVL	GrayWare/Win32.Wacapew
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Trojan.GenericKD.74836102
McAfee	Artemis!C65D43D62825
DeepInstinct	MALICIOUS
Ikarus	Trojan.Win64.Shellcoderunner
Fortinet	W64/ReverseShell.FQ!tr
AVG	Win64:MalwareX-gen [Trj]
Paloalto	generic.ml

windows_update.dll