Summary | ZeroBOX

utilsx.exe

Malicious Library UPX PE64 PE File
Category FILE
Machine s1_win7_x6401
Started Aug. 4, 2023, 8:55 a.m.
Completed Aug. 4, 2023, 8:57 a.m.
Size 124.0KB
Type PE32+ executable (console) x86-64, for MS Windows
MD5 413157ad1210bff496058fb2d23269c3
SHA256 03d58184754f59c5a82a69a5865dcdb3d8b751873b7a45c17780df18ed8b31f1
CRC32 6CA44F49
ssdeep 3072:0/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFSiIt:3tzsb5Uh28+V1WW69B9VjMdxPedN9ugz
Yara
  • UPX_Zero - UPX packed file
  • IsPE64 - (no description)
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

WriteConsoleW
  buffer: Check for updates? yes/no
  console_handle: 0x0000000000000007
  Status 1, Return 1, Repeated 0

WriteConsoleW
  buffer: type:
  console_handle: 0x0000000000000007
  Status 1, Return 1, Repeated 0

section .code
file C:\Users\test22\AppData\Local\Temp\utilsxupdater.exe
file C:\Users\test22\AppData\Local\Temp\F00D.tmp\F01D.tmp\F01E.bat
section .rsrc (size_of_data 0x00000e00, virtual_address 0x00022000, virtual_size 0x00000c0c, entropy 7.154669031660471) entropy 7.15466903166 description A section with a high entropy has been found
cmdline "C:\Windows\system32\cmd" /c "C:\Users\test22\AppData\Local\Temp\F00D.tmp\F01D.tmp\F01E.bat C:\Users\test22\AppData\Local\Temp\utilsx.exe"
file C:\Users\test22\AppData\Local\Temp\F00D.tmp
file C:\Users\test22\AppData\Local\Temp\F00D.tmp\F01D.tmp

Bkav W32.Common.FFE247B3
tehtris Generic.Malware
MicroWorld-eScan Trojan.GenericKD.68501123
FireEye Generic.mg.413157ad1210bff4
Cylance unsafe
Sangfor Trojan.Win32.Save.a
Cybereason malicious.dd1f9c
Arcabit Trojan.Generic.D4153E83
Cyren W64/Boxter.A.gen!Eldorado
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
APEX Malicious
BitDefender Trojan.GenericKD.68501123
TACHYON Trojan/W64.Agent.126976.B
Emsisoft Trojan.GenericKD.68501123 (B)
McAfee-GW-Edition BehavesLike.Win64.RealProtect.ch
Trapmine suspicious.low.ml.score
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Webroot Pua.Gen
Microsoft Trojan:Win32/Casdet!rfn
GData Trojan.GenericKD.68501123
Google Detected
McAfee Artemis!413157AD1210
MAX malware (ai score=84)
Malwarebytes Generic.Malware.AI.DDS
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/PossibleThreat
DeepInstinct MALICIOUS