Summary | ZeroBOX

killer.exe

UPX PE64 PE File
Category FILE
Machine s1_win7_x6403_us
Started Aug. 5, 2024, 11:03 a.m.
Completed Aug. 5, 2024, 11:13 a.m.
Size 36.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 814b21e6d086af54d0f76290622ad1db
SHA256 18e31034a87fe05d55eb89412e21cf9139f4aa5d50bf4a01679e2978deefd556
CRC32 5C390B95
ssdeep 768:xnOmPsOqok4CfA38QOXn0FPuZstkJLRx3:xOmPsOqAC4MQOwuZs095
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent
0 0

WriteConsoleW
buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW
buffer: #TIMEOUT
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW
buffer: /T 600 /NOBREAK
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW
buffer: '#TIMEOUT' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x000000000000000b
1 1 0

WriteConsoleW
buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW
buffer: echo
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW
buffer: "Hello World"
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW
buffer: "Hello World"
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW
buffer: C:\Users\test22\AppData\Local\Temp>
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW
buffer: #TASKKILL
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW
buffer: /f /IM cve.exe
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW
buffer: '#TASKKILL' is not recognized as an internal or external command, operable program or batch file.
console_handle: 0x000000000000000b
1 1 0

GlobalMemoryStatusEx
1 1 0

file C:\Users\test22\AppData\Local\Temp\C0E9.tmp\2.bat

ShellExecuteExW
show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\C0E9.tmp\2.bat
parameters: "C:\Users\test22\AppData\Local\Temp\killer.exe"
filepath: C:\Users\test22\AppData\Local\Temp\C0E9.tmp\2.bat
1 1 0
section UPX1 (size_of_data 0x00008600, virtual_address 0x00011000, virtual_size 0x00009000, entropy 7.952059231369413) description A section with a high entropy has been found
entropy 0.943661971831 description Overall entropy of this PE file is high
section UPX0 description Section name indicates UPX
section UPX1 description Section name indicates UPX
cmdline C:\Users\test22\AppData\Local\Temp\C0E9.tmp\2.bat "C:\Users\test22\AppData\Local\Temp\killer.exe"
file C:\Users\test22\AppData\Local\Temp\C0E9.tmp\2.bat
file C:\Users\test22\AppData\Local\Temp\C0E9.tmp
file C:\Users\test22\AppData\Local\Temp\C0E9.tmp\2.bat
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.Convagent.4!c
Elastic malicious (moderate confidence)
Cynet Malicious (score: 100)
Skyhigh BehavesLike.Win64.Generic.nc
ALYac Trojan.GenericKD.63547211
Cylance Unsafe
VIPRE Trojan.GenericKD.63547211
Sangfor Trojan.Win32.Convagent.Vdv9
K7AntiVirus Riskware ( 00584baa1 )
BitDefender Trojan.GenericKD.63547211
K7GW Riskware ( 00584baa1 )
Cybereason malicious.6d086a
VirIT Backdoor.Win32.Generic.KKE
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
APEX Malicious
McAfee RDN/Real Protect-LS
Avast Win64:Malware-gen
ClamAV Win.Trojan.Generic-7440302-0
Kaspersky VHO:Trojan.Win32.Convagent.gen
Alibaba Trojan:Win64/Genric.7f89cf12
MicroWorld-eScan Trojan.GenericKD.63547211
Rising Trojan.Convagent!8.12323 (CLOUD)
Emsisoft Trojan.Agent (A)
DrWeb Win32.HLLW.Autoruner2.51353
Zillya Trojan.Convagent.Win32.12556
TrendMicro TROJ_GEN.R011C0PGF24
McAfeeD Real Protect-LS!814B21E6D086
FireEye Generic.mg.814b21e6d086af54
Sophos Generic Reputation PUA (PUA)
Jiangmin Trojan/PSW.Ruftar.gcx
Webroot W32.Trojan.Gen
Google Detected
Antiy-AVL Trojan/Win32.Convagent
Kingsoft Win32.Trojan.Convagent.gen
Arcabit Trojan.Generic.D3C9A74B
ZoneAlarm VHO:Trojan.Win32.Convagent.gen
GData Trojan.GenericKD.63547211
Varist W64/ABTrojan.SLDF-1866
AhnLab-V3 Malware/Win.Generic.C5303562
TACHYON Trojan/W64.SchoolGirl.73216
DeepInstinct MALICIOUS
Malwarebytes Generic.Malware.AI.DDS
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R011C0PGF24
MAX malware (ai score=85)
Fortinet W64/CoinMiner.MB!tr
AVG Win64:Malware-gen
Paloalto generic.ml