Summary | ZeroBOX

hell9o.exe

Tags: Emotet, Gen1, Malicious Library, UPX, PE64, PE File, CAB

Category FILE
Machine s1_win7_x6401
Started Nov. 8, 2024, 4:54 p.m.
Completed Nov. 8, 2024, 5:11 p.m.
Size 172.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 2e933118fecbaf64bbd76514c47a2164
SHA256 5268359ebc3f9e709c8eee1fa9d3e7c579b3e4563fabb9c394abe0fe2e39137f
CRC32 9014E329
ssdeep 3072:xBtaM5EWCrATe105GWp1icKAArDZz4N9GhbkrNEk1lM:ZaM5zbp0yN90QEp
PDB Path wextract.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE64 - (no description)
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet
  • CAB_file_format - CAB archive file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file

Hosts (Name / Response / Post-Analysis Lookup)
No hosts contacted.

IP Addresses (IP Address / Status / Action)
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API Calls (Time & API / Arguments / Status / Return / Repeated)

WriteConsoleW
  buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP>
  console_handle: 0x0000000000000007
  status: 1  return: 1  repeated: 0

WriteConsoleW
  buffer: reg
  console_handle: 0x0000000000000007
  status: 1  return: 1  repeated: 0

WriteConsoleW
  buffer: DELETE HKEY_CLASSES_ROOT /f
  console_handle: 0x0000000000000007
  status: 1  return: 1  repeated: 0
Signature Details

pdb_path wextract.pdb
resource name AVI
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\regdel.CMD
section .rsrc: size_of_data 0x0001c000, virtual_address 0x0000f000, virtual_size 0x0001c000, entropy 6.991573552946712
description A section with a high entropy has been found
entropy 0.666666666667
description Overall entropy of this PE file is high
cmdline reg DELETE HKEY_CLASSES_ROOT /f
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0
reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"

Antivirus Results (Vendor / Detection)
Bkav W64.AIDetectMalware
Lionic Trojan.Win32.KillReg.4!c
Cynet Malicious (score: 99)
Skyhigh BehavesLike.Win64.Downloader.ch
ALYac Trojan.GenericKD.62411766
Cylance Unsafe
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.62411766
K7GW Trojan ( 00598ed51 )
K7AntiVirus Trojan ( 00598ed51 )
Arcabit Trojan.Generic.D3B853F6
Symantec ML.Attribute.HighConfidence
ESET-NOD32 BAT/KillReg.NAI
APEX Malicious
Avast FileRepMalware [Trj]
Kaspersky Trojan.Win32.LuckeyJoke.i
Alibaba Trojan:Win32/LuckeyJoke.ecb53bb4
NANO-Antivirus Trojan.Win64.LuckeyJoke.jtaetg
MicroWorld-eScan Trojan.GenericKD.62411766
Emsisoft Trojan.GenericKD.62411766 (B)
F-Secure Malware.BAT/KillReg.ydcjs
DrWeb Trojan.KillProc2.18834
VIPRE Trojan.GenericKD.62411766
McAfeeD ti!5268359EBC3F
CTX exe.trojan.killreg
Sophos Mal/Generic-S
Ikarus Trojan.BAT.Forkbomb
FireEye Trojan.GenericKD.62411766
Google Detected
Avira BAT/KillReg.ydcjs
Kingsoft Win32.Troj.Unknown.a
Microsoft Trojan:Win32/Casdet!rfn
ZoneAlarm Trojan.Win32.LuckeyJoke.i
GData Trojan.GenericKD.62411766
Varist W64/ABTrojan.EEWS-0341
McAfee RDN/Generic.dx
DeepInstinct MALICIOUS
Malwarebytes Malware.AI.927044511
Panda Trj/Chgt.AD
Tencent Win32.Trojan.Luckeyjoke.Swhl
MaxSecure Trojan.Malware.1728101.susgen
Fortinet W32/PossibleThreat
AVG FileRepMalware [Trj]
Paloalto generic.ml