Summary | ZeroBOX

log2.exe

Tags
  • Emotet
  • Gen1
  • PhysicalDrive
  • NSIS
  • Generic Malware
  • .NET framework(MSIL)
  • UPX
  • Downloader
  • ASPack
  • Antivirus
  • Malicious Library
  • Malicious Packer
  • Admin Tool (Sysinternals etc ...)
  • Javascript_Blob
  • Anti_VM
  • OS Processor Check
  • PE File
  • MZP Format
  • PE32
Category FILE
Machine s1_win7_x6403_us
Started July 2, 2024, 7:42 a.m.
Completed July 2, 2024, 7:49 a.m.
Size 147.5KB
Type MS-DOS executable, MZ for MS-DOS
MD5 8bad626419244605cb6bfa7ffef1e8cc
SHA256 d04ff81949232f1d404d9abf922e1a25b994e12d1b01fa96d129d8a13ce700d1
CRC32 8CB69E9E
ssdeep 3072:wr85C3C6kzWypvaQ0FxyNTBfr0GCHh7DhH:w9PkZvaF4NTBTJABH
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • Network_Downloader - File Downloader
  • ASPack_Zero - ASPack packed file
  • Malicious_Packer_Zero - Malicious Packer
  • IsPE32 - (no description)
  • UPX_Zero - UPX packed file
  • mzp_file_format - MZP(Delphi) file format

Name | Response | Post-Analysis Lookup
ddos.dnsnb8.net | 44.221.84.105 |

IP Address | Status | Action
164.124.101.2 | Active | Moloch
44.221.84.105 | Active | Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API | Arguments | Status | Return | Repeated
WriteConsoleW | console_handle: 0x0000000000000007; buffer: [+] Free spoofer made by zezinho and enize | 1 | 1 | 0
WriteConsoleW | console_handle: 0x0000000000000007; buffer: [+] Press enter to spoof | 1 | 1 | 0
WriteConsoleW | console_handle: 0x0000000000000007; buffer: Press any key to continue . . . | 1 | 1 | 0
WriteConsoleW | console_handle: 0x00000007; buffer: C:\Users\test22\AppData\Local\Temp> | 1 | 1 | 0
WriteConsoleW | console_handle: 0x00000007; buffer: del | 1 | 1 | 0
WriteConsoleW | console_handle: 0x00000007; buffer: "C:\Users\test22\AppData\Local\Temp\mNXfxi.exe" | 1 | 1 | 0
WriteConsoleW | console_handle: 0x00000007; buffer: C:\Users\test22\AppData\Local\Temp> | 1 | 1 | 0
WriteConsoleW | console_handle: 0x00000007; buffer: if | 1 | 1 | 0
WriteConsoleW | console_handle: 0x00000007; buffer: exist "C:\Users\test22\AppData\Local\Temp\mNXfxi.exe" | 1 | 1 | 0
WriteConsoleW | console_handle: 0x00000007; buffer: goto | 1 | 1 | 0
WriteConsoleW | console_handle: 0x00000007; buffer: :DELFILE | 1 | 1 | 0
WriteConsoleW | console_handle: 0x00000007; buffer: C:\Users\test22\AppData\Local\Temp> | 1 | 1 | 0
WriteConsoleW | console_handle: 0x00000007; buffer: del | 1 | 1 | 0
WriteConsoleW | console_handle: 0x00000007; buffer: "C:\Users\test22\AppData\Local\Temp\467673ea.bat" | 1 | 1 | 0
WriteConsoleW | console_handle: 0x0000000b; buffer: The batch file cannot be found. | 1 | 1 | 0
file C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file C:\Program Files\Mozilla Firefox\firefox.exe
Time & API | Arguments | Status | Return | Repeated
GlobalMemoryStatusEx | | 1 | 1 | 0
section CODE
section DATA
section BSS
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\recovery\101.3.34.11\ChromeRecovery.exe
file C:\Users\test22\AppData\Local\Temp\C0F9.tmp\C129.tmp\C13A.bat
file C:\Program Files (x86)\Mozilla Thunderbird\pingsender.exe
file C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\OLicenseHeartbeat.exe
file C:\Program Files (x86)\Hnc\HncUtils\HncUpdate.exe
file C:\Program Files (x86)\Microsoft Office\Office15\ACCICONS.EXE
file C:\Program Files (x86)\Hnc\PDF80\SetupDriver.exe
file C:\Users\test22\AppData\Local\Temp\4D5022EC.exe
file C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
file C:\Program Files (x86)\Microsoft Office\Office15\WORDICON.EXE
file C:\Program Files (x86)\Java\jre1.8.0_131\bin\javaw.exe
file C:\Program Files (x86)\Google\Update\1.3.36.101\GoogleUpdate.exe
file C:\Program Files (x86)\Microsoft Office\Office15\GROOVE.EXE
file C:\Python27\Lib\site-packages\setuptools\cli-32.exe
file C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssvagent.exe
file C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
file C:\Program Files (x86)\Microsoft Office\Office15\DCF\DATABASECOMPARE.EXE
file C:\Program Files (x86)\Google\Update\1.3.36.101\GoogleUpdateBroker.exe
file C:\Windows\svchost.com
file C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
file C:\Users\test22\AppData\Local\Temp\783E233F.exe
file C:\Python27\Scripts\easy_install.exe
file C:\MSOCache\All Users\{91150000-0011-0000-0000-0000000FF1CE}-C\ose.exe
file C:\ProgramData\Oracle\Java\javapath\java.exe
file C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.36.102\GoogleUpdateSetup.exe
file C:\Program Files (x86)\Microsoft Office\Office15\CNFNOT32.EXE
file C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOICONS.EXE
file C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\Office Setup Controller\ODeploy.exe
file C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\LICLUA.EXE
file C:\Program Files (x86)\Google\Update\1.3.36.101\GoogleCrashHandler64.exe
file C:\Program Files (x86)\Hnc\Common80\HimTrayIcon.exe
file C:\Program Files (x86)\Java\jre1.8.0_131\bin\unpack200.exe
file C:\Program Files (x86)\Microsoft Office\Office15\POWERPNT.EXE
file C:\Program Files (x86)\Hnc\Hwp80\HwpFinder.exe
file C:\Users\test22\AppData\Local\Temp\76911905.exe
file C:\Program Files (x86)\Hnc\HncUtils\HncInfo.exe
file C:\Users\test22\AppData\Local\Temp\467673ea.bat
file C:\Program Files (x86)\EditPlus\editplus.exe
file C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
file C:\Program Files (x86)\Microsoft Office\Office15\PDFREFLOW.EXE
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\t64.exe
file C:\MSOCache\All Users\{91150000-0011-0000-0000-0000000FF1CE}-C\setup.exe
file C:\Program Files (x86)\Hnc\Hwp80\HwpPrnMng.exe
file C:\Python27\Lib\site-packages\pip\_vendor\distlib\t32.exe
file C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe
file C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe
file C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\FLTLDR.EXE
file C:\Program Files (x86)\Common Files\Adobe\__ARM\1.0\AdobeARM.exe
file C:\Program Files (x86)\Mozilla Thunderbird\minidump-analyzer.exe
file C:\Program Files (x86)\Google\Update\Install\{9946EF02-26CF-4F0D-BC28-8677420F30DD}\GoogleUpdateSetup.exe
file C:\Program Files (x86)\Microsoft Analysis Services\AS OLEDB\110\SQLDumper.exe
file C:\Users\test22\AppData\Local\Temp\mNXfxi.exe
file C:\Users\test22\AppData\Local\Temp\3582-490\log2.exe
Time & API | Arguments | Status | Return | Repeated
ShellExecuteExW | show_type: 0; filepath_r: C:\Users\test22\AppData\Local\Temp\467673ea.bat; parameters: ; filepath: C:\Users\test22\AppData\Local\Temp\467673ea.bat | 1 | 1 | 0
cmdline "C:\Windows\sysnative\cmd" /c "C:\Users\test22\AppData\Local\Temp\C0F9.tmp\C129.tmp\C13A.bat C:\Users\test22\AppData\Local\Temp\3582-490\log2.exe"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\(Default) reg_value C:\Windows\svchost.com "%1" %*
file C:\Users\test22\AppData\Local\Temp\C0F9.tmp\C129.tmp
file C:\Users\test22\AppData\Local\Temp\C0F9.tmp
file C:\Users\test22\AppData\Local\Temp\3582-490\log2.exe
file C:\Users\test22\AppData\Local\Temp\467673ea.bat