Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 30, 2023, 8:49 a.m.	July 30, 2023, 9:04 a.m.

Size	830.0KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`c36f10074bd560df1341aeb405b23641`
SHA256	`876c3656f74c6fcfaa25bda37dc1c6f868677c088953c722ef4595efe40f0c7f`
CRC32	`66BE48F0`
ssdeep	`6144:547p0yN90QEV/E9DuLVoF99OHkWOIzDtZ:5Jy90nVoFmnOGDtZ`
PDB Path	wextract.pdb
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet CAB_file_format - CAB archive file IsPE64 - (no description) Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return
WriteConsoleW July 30, 2023, 8:50 a.m.	buffer: thread ' console_handle: 0x000000000000000b	1	1
WriteConsoleW July 30, 2023, 8:50 a.m.	buffer: main console_handle: 0x000000000000000b	1	1
WriteConsoleW July 30, 2023, 8:50 a.m.	buffer: ' panicked at ' console_handle: 0x000000000000000b	1	1
WriteConsoleW July 30, 2023, 8:50 a.m.	buffer: assertion failed: `(left != right)` left: `0`, right: `0`: Os { code: 6, kind: Uncategorized, message: "The handle is invalid." } console_handle: 0x000000000000000b	1	1
WriteConsoleW July 30, 2023, 8:50 a.m.	buffer: C:\Users\Administrator\.cargo\registry\src\index.crates.io-6f17d22bba15001f\winproc-0.6.4\src\handle.rs console_handle: 0x000000000000000b	1	1
WriteConsoleW July 30, 2023, 8:50 a.m.	buffer: note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace console_handle: 0x000000000000000b	1	1

pdb_path

wextract.pdb

resource name

AVI

file	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\payload.exe

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0

reg_value

rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"

file	C:\Users\test22\AppData\Local\Temp\IXP000.TMP\payload.exe

Bkav	W32.Common.1AA49D69
Lionic	Trojan.Win32.Quasar.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.68362130
FireEye	Generic.mg.c36f10074bd560df
ALYac	Trojan.GenericKD.68362130
Cylance	unsafe
Sangfor	Trojan.Win64.Injector.Vdqx
K7AntiVirus	Trojan ( 005a57691 )
Alibaba	Trojan:MSIL/Quasar.eebda686
K7GW	Trojan ( 005a57691 )
Arcabit	Trojan.Generic.D4131F92
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/Injector.MM
APEX	Malicious
Avast	Win64:Malware-gen
Cynet	Malicious (score: 100)
Kaspersky	Trojan.MSIL.Quasar.bob
BitDefender	Trojan.GenericKD.68362130
NANO-Antivirus	Trojan.Win64.Quasar.jxoumh
Tencent	Msil.Trojan.Quasar.Lajl
Emsisoft	Trojan.GenericKD.68362130 (B)
F-Secure	Trojan.TR/Injector.xropa
VIPRE	Trojan.GenericKD.68362130
McAfee-GW-Edition	BehavesLike.Win64.Dropper.ct
Trapmine	suspicious.low.ml.score
Sophos	Mal/Generic-S
Webroot	W32.Trojan.Hulk.Gen
Avira	TR/AD.Nekark.jlfck
MAX	malware (ai score=89)
Gridinsoft	Malware.Win64.Downloader.cc
Microsoft	Trojan:Win32/Casdet!rfn
ZoneAlarm	Trojan.MSIL.Quasar.bob
GData	Trojan.GenericKD.68362130
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5462388
McAfee	Artemis!C36F10074BD5
Panda	Trj/Chgt.AD
Rising	Malware.SwollenFile!1.DDB4 (CLASSIC)
Ikarus	Trojan.Win32.Chifrax
MaxSecure	Trojan.Malware.214774093.susgen
Fortinet	W32/PossibleThreat
AVG	Win64:Malware-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

new.EXE