Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 9, 2024, 10:07 a.m.	July 9, 2024, 10:09 a.m.

Size	7.1MB
Type	PE32+ executable (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
MD5	`7524d560b667b8ed62f16bc59772d81f`
SHA256	`e88f233b6925f8bf72e0b89baaa1fc52d5c7fdc52f8018de86af8cb0e902709b`
CRC32	`A074F08F`
ssdeep	`98304:tPx1VR1MSpVQJu7ikcXqhKRgGJC1LIrip+M38GEcfNv3SsnFx3ai3i/bgkqf1nnH:dxHR1likZGgv1LH6cBSeqi3idqfVnPLD`
PDB Path	D:\a\wix\wix\build\burn\Release\x64\burn.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) CAB_file_format - CAB archive file UPX_Zero - UPX packed file Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check

install.exe "C:\Users\test22\AppData\Local\Temp\install.exe"
2068
- install.exe "C:\Windows\TEMP\{F2500F20-1137-43DF-AF52-FD6592584886}\.cr\install.exe" -burn.clean.room="C:\Users\test22\AppData\Local\Temp\install.exe" -burn.filehandle.attached=208 -burn.filehandle.self=204
  2180

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 9, 2024, 10:07 a.m.			0	0

pdb_path

D:\a\wix\wix\build\burn\Release\x64\burn.pdb

file	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\hardy.xlsx

file	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\Ladysmantle.dll
file	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\datastate.dll
file	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\pdfium.dll
file	C:\Windows\Temp\{F2500F20-1137-43DF-AF52-FD6592584886}\.cr\install.exe
file	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\pdf2bmp.dll
file	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\iTopDataRecovery.exe

Time & API	Arguments	Status	Return	Repeated
RegOpenKeyExW July 9, 2024, 10:07 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DE5A5E9-2B98-47FD-BEC6-92333B28F721} base_handle: 0xffffffff80000002 key_handle: 0x0000000000000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DE5A5E9-2B98-47FD-BEC6-92333B28F721}		2	0

file	C:\Windows\Temp\{F2500F20-1137-43DF-AF52-FD6592584886}\.cr\install.exe
file	C:\Windows\Temp\{709910E0-149B-4C9A-9252-53B87F118B0F}\.ba\iTopDataRecovery.exe

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
Skyhigh	Artemis!Trojan
ALYac	Gen:Variant.Midie.148833
Cylance	Unsafe
VIPRE	Gen:Variant.Midie.148833
Sangfor	Downloader.Win64.Rugmi.Vq8y
BitDefender	Gen:Variant.Midie.148833
Cybereason	malicious.0b667b
Arcabit	Trojan.Midie.D24561
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win64/TrojanDownloader.Rugmi.BT.gen
APEX	Malicious
McAfee	Artemis!7524D560B667
Avast	Win64:Malware-gen
Kaspersky	Trojan.Win32.Penguish.ccr
Alibaba	TrojanDownloader:Win64/Rugmi.e08ed471
MicroWorld-eScan	Gen:Variant.Midie.148833
Emsisoft	Gen:Variant.Midie.148833 (B)
F-Secure	Trojan.TR/AVI.Agent.zesgb
DrWeb	Program.Unwanted.5405
Zillya	Trojan.Penguish.Win32.211
TrendMicro	Backdoor.Win64.XWORM.YXEGHZ
McAfeeD	ti!E88F233B6925
FireEye	Gen:Variant.Midie.148833
Sophos	Mal/Generic-S
Ikarus	Win32.Outbreak
Google	Detected
Avira	TR/AVI.Agent.zesgb
MAX	malware (ai score=87)
Gridinsoft	Trojan.Win64.Downloader.sa
Microsoft	Trojan:Win32/Casdet!rfn
ZoneAlarm	Trojan.Win32.Penguish.ccr
GData	Gen:Variant.Midie.148833
Varist	W64/ABTrojan.HNCH-9321
AhnLab-V3	Trojan/Win.Malware-gen.C5560857
DeepInstinct	MALICIOUS
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	Backdoor.Win64.XWORM.YXEGHZ
Fortinet	Adware/Rugmi
AVG	Win64:Malware-gen
Paloalto	generic.ml
alibabacloud	Trojan[downloader]:Win/Rugmi.BS

install.exe