Overview

overview

3

Static

static

3

cuh.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    11s
  • max time network
    7s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2024, 12:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cuh.exe

  • Size

    149KB

  • MD5

    e4c38ce86194ddf52b036cf64c02018f

  • SHA1

    699c87e55189145b442aa46630b0ce068f3cbbc4

  • SHA256

    edcbc1f121039f71e4ed4c5f23024b2f571aa4c4b03820b1accc516fd794cd21

  • SHA512

    4aa410aff885755158418f7caca4fa6fb8863e042d7112b4a10d7bdb67cf7bbbbe0a2ff88be71423e1eedbf74e0dd2402f9495546d4d9b637d7f318866c19081

  • SSDEEP

    3072:u047EfZOFukNuBwxp2iwmaP/ZOFukNuBwxp2iwmaP6:pCGwf9wmaPBwf9wmaP

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cuh.exe
    "C:\Users\Admin\AppData\Local\Temp\cuh.exe"
    1⤵
      PID:440
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 1048
        2⤵
        • Program crash
        PID:2804
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 440 -ip 440
      1⤵
        PID:4660
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /4
        1⤵
        • Checks SCSI registry key(s)
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1596

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/440-0-0x00000000747DE000-0x00000000747DF000-memory.dmp

              Filesize

              4KB

              Download

            • memory/440-1-0x0000000000680000-0x00000000006AC000-memory.dmp

              Filesize

              176KB

              Download

            • memory/440-2-0x0000000005560000-0x0000000005B04000-memory.dmp

              Filesize

              5.6MB

              Download

            • memory/440-3-0x0000000005090000-0x0000000005122000-memory.dmp

              Filesize

              584KB

              Download

            • memory/440-4-0x0000000005150000-0x000000000515A000-memory.dmp

              Filesize

              40KB

              Download

            • memory/440-5-0x00000000747D0000-0x0000000074F80000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/440-6-0x00000000747D0000-0x0000000074F80000-memory.dmp

              Filesize

              7.7MB

              Download

            • memory/1596-7-0x0000012E532D0000-0x0000012E532D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1596-9-0x0000012E532D0000-0x0000012E532D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1596-8-0x0000012E532D0000-0x0000012E532D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1596-19-0x0000012E532D0000-0x0000012E532D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1596-18-0x0000012E532D0000-0x0000012E532D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1596-17-0x0000012E532D0000-0x0000012E532D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1596-16-0x0000012E532D0000-0x0000012E532D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1596-15-0x0000012E532D0000-0x0000012E532D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1596-14-0x0000012E532D0000-0x0000012E532D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1596-13-0x0000012E532D0000-0x0000012E532D1000-memory.dmp

              Filesize

              4KB

              Download