Report - system.exe

Tags: Gen1, Emotet, Generic Malware, Malicious Library, ASPack, UPX, Malicious Packer, Admin Tool (Sysinternals etc ...), PE File, PE32, OS Processor Check, DLL, ZIP Format, DllRegisterServer, dll
Created: 2024.08.05 07:56
Machine: s1_win7_x6403
Filename: system.exe
Type: PE32 executable (GUI) Intel 80386, for MS Windows
AI Score: Not found
Behavior Score: 1.6
ZERO API (file): malware
VT API (file):
md5: b79c7a3ce694f09a0b4aaa70a4c9fd29
sha256: d390da62f1e8d55a5ebbb805bce89ba3036d05950684a1ac3e57ef011d08b31a
ssdeep: 393216:0HcgjmZZqbPmYRQK7+TvFDbQlNvoNG31QF7+okgc:GjmXqbrRQRvFDbKB1Iqx
imphash: e13316896f1bb7a3715fb5c49f0ff2e9
impfuzzy: 48:tn6gF/gub6okoQ54rzSv6xviMMke59a5JteSdlc+pICmcgTkOta0Kq14r:pfH9ne5gJteSdlc+pIptkiDHS
Network IP location

Signature (5 cnts)

Level  | Description
notice | Creates executable files on the filesystem
notice | Drops an executable to the user AppData folder
notice | The binary likely contains encrypted or compressed data indicative of a packer
info   | Checks amount of memory in system
info   | Checks if process is being debugged by a debugger

Rules (21 cnts)

Level   | Name                          | Description                    | Collection
danger  | Win32_Trojan_Emotet_1_Zero    | Win32 Trojan Emotet binaries   | download
danger  | Win32_Trojan_Emotet_2_Zero    | Win32 Trojan Emotet binaries   | download
danger  | Win32_Trojan_Gen_1_0904B0_Zero | Win32 Trojan Emotet binaries  | download
warning | Generic_Malware_Zero          | Generic Malware binaries       | download
warning | Generic_Malware_Zero          | Generic Malware binaries       | upload
watch   | Admin_Tool_IN_Zero            | Admin Tool Sysinternals binaries | download
watch   | ASPack_Zero                   | ASPack packed file binaries    | upload
watch   | Malicious_Library_Zero        | Malicious_Library binaries     | download
watch   | Malicious_Library_Zero        | Malicious_Library binaries     | upload
watch   | Malicious_Packer_Zero         | Malicious Packer binaries      | download
watch   | UPX_Zero                      | UPX packed file binaries       | download
watch   | UPX_Zero                      | UPX packed file binaries       | upload
info    | DllRegisterServer_Zero        | execute regsvr32.exe binaries  | download
info    | IsDLL                         | (no description) binaries      | download
info    | IsPE32                        | (no description) binaries      | download
info    | IsPE32                        | (no description) binaries      | upload
info    | OS_Processor_Check_Zero       | OS Processor Check binaries    | download
info    | OS_Processor_Check_Zero       | OS Processor Check binaries    | upload
info    | PE_Header_Zero                | PE File Signature binaries     | download
info    | PE_Header_Zero                | PE File Signature binaries     | upload
info    | zip_file_format               | ZIP file format binaries       | download

Network (0 cnts)

Request | CC | ASN | Co | IP4 | Rule | ZERO

Suricata ids

PE API

IAT (Import Address Table) by library

USER32.dll
 0x4281b0 CreateWindowExW
 0x4281b4 PostMessageW
 0x4281b8 GetMessageW
 0x4281bc MessageBoxW
 0x4281c0 MessageBoxA
 0x4281c4 SystemParametersInfoW
 0x4281c8 DestroyIcon
 0x4281cc SetWindowLongW
 0x4281d0 GetWindowLongW
 0x4281d4 GetClientRect
 0x4281d8 InvalidateRect
 0x4281dc ReleaseDC
 0x4281e0 GetDC
 0x4281e4 DrawTextW
 0x4281e8 GetDialogBaseUnits
 0x4281ec EndDialog
 0x4281f0 DialogBoxIndirectParamW
 0x4281f4 MoveWindow
 0x4281f8 SendMessageW
COMCTL32.dll
 0x428014 None
KERNEL32.dll
 0x42802c IsValidCodePage
 0x428030 GetStringTypeW
 0x428034 GetFileAttributesExW
 0x428038 HeapReAlloc
 0x42803c FlushFileBuffers
 0x428040 GetCurrentDirectoryW
 0x428044 GetACP
 0x428048 GetOEMCP
 0x42804c GetModuleHandleW
 0x428050 MulDiv
 0x428054 GetLastError
 0x428058 SetDllDirectoryW
 0x42805c CreateFileW
 0x428060 GetFinalPathNameByHandleW
 0x428064 CloseHandle
 0x428068 GetModuleFileNameW
 0x42806c CreateSymbolicLinkW
 0x428070 GetCPInfo
 0x428074 GetCommandLineW
 0x428078 GetEnvironmentVariableW
 0x42807c SetEnvironmentVariableW
 0x428080 ExpandEnvironmentStringsW
 0x428084 CreateDirectoryW
 0x428088 GetTempPathW
 0x42808c WaitForSingleObject
 0x428090 Sleep
 0x428094 GetExitCodeProcess
 0x428098 CreateProcessW
 0x42809c GetStartupInfoW
 0x4280a0 FreeLibrary
 0x4280a4 LoadLibraryExW
 0x4280a8 SetConsoleCtrlHandler
 0x4280ac FindClose
 0x4280b0 FindFirstFileExW
 0x4280b4 GetCurrentProcess
 0x4280b8 LocalFree
 0x4280bc FormatMessageW
 0x4280c0 MultiByteToWideChar
 0x4280c4 WideCharToMultiByte
 0x4280c8 GetEnvironmentStringsW
 0x4280cc FreeEnvironmentStringsW
 0x4280d0 GetProcessHeap
 0x4280d4 GetTimeZoneInformation
 0x4280d8 HeapSize
 0x4280dc WriteConsoleW
 0x4280e0 SetEndOfFile
 0x4280e4 GetProcAddress
 0x4280e8 GetCurrentThreadId
 0x4280ec UnhandledExceptionFilter
 0x4280f0 SetUnhandledExceptionFilter
 0x4280f4 TerminateProcess
 0x4280f8 IsProcessorFeaturePresent
 0x4280fc QueryPerformanceCounter
 0x428100 GetCurrentProcessId
 0x428104 DecodePointer
 0x428108 GetSystemTimeAsFileTime
 0x42810c InitializeSListHead
 0x428110 IsDebuggerPresent
 0x428114 RtlUnwind
 0x428118 SetLastError
 0x42811c EnterCriticalSection
 0x428120 LeaveCriticalSection
 0x428124 DeleteCriticalSection
 0x428128 InitializeCriticalSectionAndSpinCount
 0x42812c TlsAlloc
 0x428130 TlsGetValue
 0x428134 TlsSetValue
 0x428138 TlsFree
 0x42813c EncodePointer
 0x428140 RaiseException
 0x428144 GetCommandLineA
 0x428148 GetDriveTypeW
 0x42814c GetFileInformationByHandle
 0x428150 GetFileType
 0x428154 PeekNamedPipe
 0x428158 SystemTimeToTzSpecificLocalTime
 0x42815c FileTimeToSystemTime
 0x428160 GetFullPathNameW
 0x428164 RemoveDirectoryW
 0x428168 FindNextFileW
 0x42816c SetStdHandle
 0x428170 DeleteFileW
 0x428174 ReadFile
 0x428178 GetStdHandle
 0x42817c WriteFile
 0x428180 ExitProcess
 0x428184 GetModuleHandleExW
 0x428188 HeapFree
 0x42818c GetConsoleMode
 0x428190 ReadConsoleW
 0x428194 SetFilePointerEx
 0x428198 GetConsoleOutputCP
 0x42819c GetFileSizeEx
 0x4281a0 HeapAlloc
 0x4281a4 CompareStringW
 0x4281a8 LCMapStringW
ADVAPI32.dll
 0x428000 OpenProcessToken
 0x428004 GetTokenInformation
 0x428008 ConvertStringSecurityDescriptorToSecurityDescriptorW
 0x42800c ConvertSidToStringSidW
GDI32.dll
 0x42801c SelectObject
 0x428020 DeleteObject
 0x428024 CreateFontIndirectW

EAT (Export Address Table): none