ScreenShot
| Created | 2021.03.09 11:28 | Machine | s1_win7_x6402 |
| Filename | shipment-delivery.jar | ||
| Type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code pa | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 17 detected (Artemis, Java, Ratty, Eldorado, Appjar, gen1, effhmh, SMSSend, ctchk, Malicious, score, HnoASQQA) | ||
| md5 | ed6b1dbcfe666b77c4d19fbed8ec4aed | ||
| sha256 | 9e6dc7c103792282dfb4f1dbc2b9357033756eda1ffb99554f397d4042e70dcc | ||
| ssdeep | 49152:rwHnjis3z6pKtbvAF3Nn7BxwutAgpbC7ALN:rwHmQGFdn7BxwuzpbC7AJ | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | A potential heapspray has been detected. 1069 megabytes was sprayed onto the heap of the java.exe process |
| watch | Communicates with host for which no DNS query was performed |
| watch | File has been identified by 17 AntiVirus engines on VirusTotal as malicious |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| info | Checks amount of memory in system |
Rules (9cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| danger | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet | binaries (upload) |
| notice | Str_Win32_Http_API | Match Windows Http API call | binaries (upload) |
| notice | Str_Win32_Internet_API | Match Windows Inet API call | binaries (upload) |
| info | OS_Processor_Check_Zero | OS Processor Check Signature Zero | binaries (upload) |
| info | Microsoft_Office_Document_Zero | Microsoft Office Document Signature Zero | binaries (upload) |
| info | Win32_Trojan_Gen_2_0904B0_Zero | Win32 Trojan Gen | binaries (upload) |
| info | win_files_operation | Affect private profile | binaries (upload) |
| info | win_mutex | Create or check mutex | binaries (upload) |
| info | win_registry | Affect system registries | binaries (upload) |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|