Summary | ZeroBOX

kill.exe

Tags: UPX, PE64, PE File

Category: FILE
Machine: s1_win7_x6403_us
Started: Aug. 5, 2024, 11:03 a.m.
Completed: Aug. 5, 2024, 11:20 a.m.
Size: 36.0KB
Type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: da72c93960a58f7fc95220cd8428b548
SHA256: 78d137ca381a4a8e1412b52f4706006e61b2abcef87fae0b296f0200b0af9eed
CRC32: 13B8CBCF
ssdeep: 384:BijEOALCtPQNH8Ry3s+OhsqZ57I4z48nh5bJxsX9/dikytQ7IZh5Msn0JSOJ53en:BnOmPsOqok4CfA38QOXn0FPuZstk3j3
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Network

DNS (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API  Arguments  Status  Return  Repeated

IsDebuggerPresent  (no arguments)  0  0
Time & API  Arguments  Status  Return  Repeated

WriteConsoleW  console_handle: 0x0000000000000007  buffer: C:\Users\test22\AppData\Local\Temp>  1  1  0
WriteConsoleW  console_handle: 0x0000000000000007  buffer: #"C:\Windows\System32\taskkill.exe"  1  1  0
WriteConsoleW  console_handle: 0x0000000000000007  buffer: /f /IM killer.exe  1  1  0
WriteConsoleW  console_handle: 0x000000000000000b  buffer: The filename, directory name, or volume label syntax is incorrect.  1  1  0
WriteConsoleW  console_handle: 0x0000000000000007  buffer: C:\Users\test22\AppData\Local\Temp>  1  1  0
WriteConsoleW  console_handle: 0x0000000000000007  buffer: echo  1  1  0
WriteConsoleW  console_handle: 0x0000000000000007  buffer: "Hello World"  1  1  0
WriteConsoleW  console_handle: 0x0000000000000007  buffer: "Hello World"  1  1  0

Read in order, these eight writes are cmd.exe running the dropped 1.bat with command echo on: the prompt, the command '#"C:\Windows\System32\taskkill.exe" /f /IM killer.exe' (split across two writes), an error written to a second console handle (0xb; handle 0x7 carries the prompts and is standard output, so 0xb is the error stream), then 'echo "Hello World"' followed by its output. The leading '#' leaves cmd with the command token '#C:\Windows\System32\taskkill.exe' once the quotes are removed, which is not a valid path (a colon is only legal after a drive letter), hence the syntax error: taskkill never ran, and killer.exe was not terminated in this run.
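The console writes above can be turned back into the commands 1.bat executed, together with the facts an analyst wants first: what was dropped, what it received as %1, which process it tried to kill and which command failed. The script below is an added example written for this page, not ZeroBOX code. Its input is the report's own records transcribed into a string; labelling the prompt-bearing handle as stdout and any other handle as stderr is an assumption, stated in the docstring.

```python
"""Turn the report's flattened API trace into cmd.exe command lines plus triage
facts. Added example for this write-up, not ZeroBOX code. Assumptions: the handle
whose writes end in a '>' prompt is cmd.exe's stdout and any other WriteConsoleW
handle is stderr; records are 'API', 'key: value' lines, then 'status return repeated'."""
import re

# Transcribed from the report (constructed input so this runs offline; the report groups calls by signature, so cross-API order is not chronological).
TRACE = r"""WriteConsoleW
buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x0000000000000007
1 1 0
WriteConsoleW
buffer: #"C:\Windows\System32\taskkill.exe"
console_handle: 0x0000000000000007
1 1 0
WriteConsoleW
buffer: /f /IM killer.exe
console_handle: 0x0000000000000007
1 1 0
WriteConsoleW
buffer: The filename, directory name, or volume label syntax is incorrect.
console_handle: 0x000000000000000b
1 1 0
WriteConsoleW
buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x0000000000000007
1 1 0
WriteConsoleW
buffer: echo
console_handle: 0x0000000000000007
1 1 0
WriteConsoleW
buffer: "Hello World"
console_handle: 0x0000000000000007
1 1 0
WriteConsoleW
buffer: "Hello World"
console_handle: 0x0000000000000007
1 1 0
ShellExecuteExW
show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\FCF8.tmp\1.bat
parameters: "C:\Users\test22\AppData\Local\Temp\kill.exe"
filepath: C:\Users\test22\AppData\Local\Temp\FCF8.tmp\1.bat
1 1 0
"""

API_RE = re.compile(r"^[A-Za-z_]\w*$")
ARG_RE = re.compile(r"^(\w+): ?(.*)$")
STATUS_RE = re.compile(r"^(\d+) (\d+) (\d+)$")
PROMPT_RE = re.compile(r"^[A-Za-z]:\\.*>$")
TASKKILL_RE = re.compile(r'taskkill(?:\.exe)?"?\s.*?/IM\s+(\S+)', re.IGNORECASE)

def parse_trace(text):
    """Return one {"api", "args", "status", "return", "repeated"} dict per call."""
    calls, cur = [], None
    for ln in filter(None, (x.strip() for x in text.splitlines())):
        if (m := STATUS_RE.match(ln)) and cur is not None:
            cur["status"], cur["return"], cur["repeated"] = map(int, m.groups())
            calls.append(cur)
            cur = None
        elif (m := ARG_RE.match(ln)) and cur is not None:
            cur["args"][m.group(1)] = m.group(2)
        elif API_RE.match(ln):
            cur = {"api": ln, "args": {}}
    return calls

def reconstruct_commands(calls):
    """Join the stdout fragments after each prompt into one command line and attach the
    stderr text that followed. Limitation: the trace carries no newlines, so echo's
    output (the second "Hello World") stays glued to the echoed command."""
    writes = [c["args"] for c in calls if c["api"] == "WriteConsoleW"]
    stdout = {w["console_handle"] for w in writes if PROMPT_RE.match(w["buffer"])}
    cmds, cur = [], None
    for w in writes:
        text, on_stdout = w["buffer"], w["console_handle"] in stdout
        if on_stdout and PROMPT_RE.match(text):
            cur = {"line": "", "errors": []}
            cmds.append(cur)
        elif cur is not None and on_stdout:
            cur["line"] = (cur["line"] + " " + text).strip()
        elif cur is not None:
            cur["errors"].append(text)
    return cmds

def triage(calls):
    """What was dropped, what it received as %1, what it tried to kill, what errored."""
    f = {"dropped_script": None, "script_arg": None, "commands": [], "taskkill_targets": [], "failed": []}
    for c in calls:
        if c["api"] == "ShellExecuteExW" and c["args"].get("filepath", "").lower().endswith(".bat"):
            f["dropped_script"] = c["args"]["filepath"]
            f["script_arg"] = c["args"].get("parameters", "").strip('"')
    for cmd in reconstruct_commands(calls):
        f["commands"].append(cmd["line"])
        if m := TASKKILL_RE.search(cmd["line"]):
            f["taskkill_targets"].append(m.group(1))
        if cmd["errors"]:
            f["failed"].append((cmd["line"], cmd["errors"]))
    return f

if __name__ == "__main__":
    print(triage(parse_trace(TRACE)))
```

On this trace the script recovers two command lines, attributes the syntax error to the taskkill line and reports killer.exe as the intended target, which is the point an analyst should carry forward: the sample's stated purpose failed, so any "no process termination observed" conclusion is about a broken script, not benign intent.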
Time & API  Arguments  Status  Return  Repeated

GlobalMemoryStatusEx  (no arguments)  1  1  0
file C:\Users\test22\AppData\Local\Temp\FCF8.tmp\1.bat
Time & API  Arguments  Status  Return  Repeated

ShellExecuteExW
  show_type: 0
  filepath_r: C:\Users\test22\AppData\Local\Temp\FCF8.tmp\1.bat
  parameters: "C:\Users\test22\AppData\Local\Temp\kill.exe"
  filepath: C:\Users\test22\AppData\Local\Temp\FCF8.tmp\1.bat
  1  1  0

show_type 0 is SW_HIDE, so the batch file runs without a visible window, and the only parameter is kill.exe's own path, which 1.bat receives as %1. Dropping a .bat into a freshly created %TEMP%\<hex>.tmp\ directory and launching it with the parent's path as the argument is the pattern batch-to-EXE wrappers typically leave behind; in that case the UPX layer protects the wrapper stub, while the script itself is recoverable in clear text from the dropped file.
section UPX1 (virtual_address 0x00011000, virtual_size 0x00009000, size_of_data 0x00008600, entropy 7.952186716626012)  A section with a high entropy has been found
entropy 0.943661971831  Overall entropy of this PE file is high
section UPX0  Section name indicates UPX
section UPX1  Section name indicates UPX

Note on the second mark: 0.9437 is not an entropy (UPX1's 7.95 bits/byte is). In Cuckoo-derived sandboxes such as this one, the value is the share of section bytes that lie in high-entropy sections: the 0x8600 bytes of UPX1 out of 0x8E00 bytes of section data in total (0x8600 / 0x8E00 = 67/71 = 0.94366...). That total plus a 0x200-byte header block is consistent with the 36.0KB file size. The UPX section names and a near-8 entropy for UPX1 are the normal shape of a UPX-packed PE; "upx -d" recovers the original if the packer header has not been tampered with, and the unpacked code will be small.
cmdline: C:\Users\test22\AppData\Local\Temp\FCF8.tmp\1.bat "C:\Users\test22\AppData\Local\Temp\kill.exe"
file: C:\Users\test22\AppData\Local\Temp\FCF8.tmp\1.bat
file: C:\Users\test22\AppData\Local\Temp\FCF8.tmp
file: C:\Users\test22\AppData\Local\Temp\FCF8.tmp\1.bat
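The two packer-entropy marks in the signature section can be recomputed from the numbers the report gives. The script below is an added example written for this page, not ZeroBOX's own code. The thresholds follow Cuckoo's open-source packer_entropy signature as I recall it and should be checked against the signature source; the "other" section (name and entropy) is an assumption, only its size of 0x800 bytes follows from the report's ratio; the high-entropy filler bytes are constructed, not taken from the sample.

```python
"""Recompute the two packer-entropy marks in the report's signature section.

Added example for this write-up, not ZeroBOX code. Thresholds follow Cuckoo's
open-source packer_entropy signature as I recall it (a section is flagged above
6.8 bits/byte; the file is flagged when more than 20% of section bytes sit in
such sections); verify them against the signature source if it matters."""
import hashlib
import math
from collections import Counter

SECTION_THRESHOLD = 6.8   # bits per byte
FILE_RATIO_THRESHOLD = 0.2


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 max."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compressed_ratio(sections):
    """Cuckoo-style file-level check. `sections` are dicts carrying the hex
    'size_of_data' and float 'entropy' fields the report prints for UPX1.
    Returns (names of high-entropy sections, share of section bytes in them).
    That share is the 0.9437 the report labels "Overall entropy"; it is a
    ratio of byte counts, not an entropy."""
    total = high = 0
    flagged = []
    for s in sections:
        size = int(s["size_of_data"], 16)
        total += size
        if s["entropy"] > SECTION_THRESHOLD:
            flagged.append(s["name"])
            high += size
    return flagged, (high / total if total else 0.0)


def pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler standing in for UPX1's compressed body
    (constructed data: SHA-256 in counter mode, not bytes from the sample)."""
    out = bytearray()
    for ctr in range(-(-n // 32)):
        out += hashlib.sha256(ctr.to_bytes(8, "little")).digest()
    return bytes(out[:n])


# UPX1 as printed in the report. UPX0 carries no file data in a UPX-packed PE.
# The report's ratio implies 0x8E00 bytes of section data in total, so the
# remaining 0x800 bytes are modelled as one low-entropy section; its name and
# entropy are assumptions, only its size follows from the report.
REPORT_SECTIONS = [
    {"name": "UPX0", "size_of_data": "0x00000000", "entropy": 0.0},
    {"name": "UPX1", "size_of_data": "0x00008600", "entropy": 7.952186716626012},
    {"name": "other", "size_of_data": "0x00000800", "entropy": 3.0},
]


def analyse():
    flagged, ratio = compressed_ratio(REPORT_SECTIONS)
    return {
        "flagged": flagged,
        "ratio": ratio,
        "file_flagged": ratio > FILE_RATIO_THRESHOLD,
        # constructed bytes: compressed data looks random, zero padding does not
        "packed_entropy": shannon_entropy(pseudo_random(0x8600)),
        "padding_entropy": shannon_entropy(b"\x00" * 0x800),
    }


if __name__ == "__main__":
    r = analyse()
    print(f"high-entropy sections: {r['flagged']}")
    print(f"share of section bytes in them: {r['ratio']:.6f} -> file flagged: {r['file_flagged']}")
    print(f"constructed packed data: {r['packed_entropy']:.3f} bits/byte; zero padding: {r['padding_entropy']:.3f}")
```

The ratio comes out at 67/71, matching the report's 0.943661971831 exactly, which is how one confirms that the mark is a byte-share computation rather than a second entropy measurement. The same routine applied to real section bytes (read them with pefile's SectionStructure.get_data()) reproduces the per-section figure.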
Antivirus (engine, result)

Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Convagent.4!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.nc
ALYac Trojan.GenericKD.63547160
Cylance Unsafe
VIPRE Trojan.GenericKD.63547160
Sangfor Trojan.Win32.Convagent.Vxq0
K7AntiVirus Riskware ( 00584baa1 )
BitDefender Trojan.GenericKD.63547160
K7GW Riskware ( 00584baa1 )
Cybereason malicious.960a58
VirIT Backdoor.Win32.Generic.KKE
Paloalto generic.ml
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
APEX Malicious
Avast Win64:Malware-gen
ClamAV Win.Trojan.Generic-7440302-0
Kaspersky VHO:Trojan.Win32.Convagent.gen
Alibaba Trojan:Win64/Genric.3dc46334
MicroWorld-eScan Trojan.GenericKD.63547160
Rising Trojan.Convagent!8.12323 (CLOUD)
Emsisoft Trojan.Agent (A)
DrWeb Win32.HLLW.Autoruner2.51353
Zillya Trojan.Convagent.Win32.12552
TrendMicro TROJ_GEN.R002C0PF724
McAfeeD Real Protect-LS!DA72C93960A5
FireEye Generic.mg.da72c93960a58f7f
Sophos Generic Reputation PUA (PUA)
Jiangmin Trojan/PSW.Ruftar.gcx
Antiy-AVL Trojan/Win32.Convagent
Kingsoft Win32.Trojan.Convagent.gen
Arcabit Trojan.Generic.D3C9A718
ZoneAlarm VHO:Trojan.Win32.Convagent.gen
GData Trojan.GenericKD.63547160
Varist W64/ABTrojan.ZTUU-6188
AhnLab-V3 Trojan/Win.RealProtect-LS.C5317323
TACHYON Trojan/W64.SchoolGirl.73216
Malwarebytes Generic.Malware.AI.DDS
TrendMicro-HouseCall TROJ_GEN.R002C0PF724
MAX malware (ai score=81)
Fortinet W64/CoinMiner.MB!tr
AVG Win64:Malware-gen
Panda Trj/Chgt.AD
CrowdStrike win/malicious_confidence_70% (D)
alibabacloud Suspicious