ScreenShot
Created | 2021.03.09 11:28 | Machine | s1_win7_x6402 |
Filename | shipment-delivery.jar | ||
Type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code pa | ||
AI Score | Not founds | Behavior Score |
|
ZERO API | file : malware | ||
VT API (file) | 17 detected (Artemis, Java, Ratty, Eldorado, Appjar, gen1, effhmh, SMSSend, ctchk, Malicious, score, HnoASQQA) | ||
md5 | ed6b1dbcfe666b77c4d19fbed8ec4aed | ||
sha256 | 9e6dc7c103792282dfb4f1dbc2b9357033756eda1ffb99554f397d4042e70dcc | ||
ssdeep | 49152:rwHnjis3z6pKtbvAF3Nn7BxwutAgpbC7ALN:rwHmQGFdn7BxwuzpbC7AJ | ||
imphash | |||
impfuzzy |
Network IP location
Signature (5cnts)
Level | Description |
---|---|
danger | A potential heapspray has been detected. 1069 megabytes was sprayed onto the heap of the java.exe process |
watch | Communicates with host for which no DNS query was performed |
watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
notice | Allocates read-write-execute memory (usually to unpack itself) |
info | Checks amount of memory in system |
Rules (9cnts)
Level | Name | Description | Collection |
---|---|---|---|
danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
notice | Str_Win32_Http_API | Match Windows Http API call | binaries (upload) |
notice | Str_Win32_Internet_API | Match Windows Inet API call | binaries (upload) |
info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
info | Microsoft_Office_Document_Zero | Microsoft Office Document Signature Zero | binaries (upload) |
info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
info | win_files_operation | Affect private profile | binaries (upload) |
info | win_mutex | Create or check mutex | binaries (upload) |
info | win_registry | Affect system registries | binaries (upload) |
Network (0cnts) ?
Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
---|