Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

5

CUQ3664-KD...EG.exe

windows7-x64

5

CUQ3664-KD...EG.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/09/2024, 04:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CUQ3664-KD BOQ21-06VAL-80DEG.exe

  • Size

    1.2MB

  • MD5

    8b7173b15296de1fe31b6725b6e71666

  • SHA1

    6e5f1a55514d7c210d0b06dde2e1249702cfd6f6

  • SHA256

    6d0d38dc2906500c8b9faac88aea78f05baa89d9d1ff4fbb158f494fb797ebaf

  • SHA512

    743ccaab20efe7a305a92881de5c081f0d96c909d3d32d33db79a7b3180d630caea3e2a287d24721915ba8347755b4c1cf29532702a417644cd5e2988e043836

  • SSDEEP

    24576:uCdxte/80jYLT3U1jfsWaaoHLvvm6/+JE84sUfjSQ:nw80cTsjkWaaSLvu6/++n

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CUQ3664-KD BOQ21-06VAL-80DEG.exe
    "C:\Users\Admin\AppData\Local\Temp\CUQ3664-KD BOQ21-06VAL-80DEG.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\CUQ3664-KD BOQ21-06VAL-80DEG.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\aut67B3.tmp
    Filesize

    280KB

    MD5

    65a1a64419660944eb5192d4fca4586a

    SHA1

    d94a5b5e0e408febae268e91bd7cb54385802415

    SHA256

    57ac2395c807ae2191bb68a5e4fb7f1f82c358dd9d6d900bbc49045a5794ac48

    SHA512

    94881d224f84d8e9697ea8230c5b260c3683bfa33749ceee514a742eb9b9e56fcec79fb9f7afd05185250f0912e508a01239614056b0831db388f32ebaaac9c7

    Download Submit

  • memory/2492-9-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2492-10-0x0000000000E00000-0x000000000114A000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2492-11-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2492-12-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2688-8-0x0000000001020000-0x0000000001420000-memory.dmp

    Filesize

    4.0MB

    Download