Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 30, 2025, 7:30 p.m.	Jan. 30, 2025, 7:33 p.m.

Size	3.4MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`074ca842ea52396751bb6015979f2f79`
SHA256	`644676713bdf4b81f8ec0a3a96a8f861c500a41a24a1cc4e93a3ee0c171bcba8`
CRC32	`6C885600`
ssdeep	`98304:8fUbK7jkYWHLX4ntIAvQGRhXZlg4Rj9hrwq8jj6Y+NU:8fUW7gYAL46AvQGRtZqmBhsq8KYYU`
PDB Path	C:\agent\_work\8\s\build\ship\x86\burn.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature CAB_file_format - CAB archive file Admin_Tool_IN_Zero - Admin Tool Sysinternals Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet IsPE32 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

BQEHIQAG.exe "C:\Users\test22\AppData\Local\Temp\BQEHIQAG.exe"
2560
- BQEHIQAG.exe "C:\Windows\Temp\{8AAC0582-87E2-4EE0-BDB2-D62C053E3C1E}\.cr\BQEHIQAG.exe" -burn.clean.room="C:\Users\test22\AppData\Local\Temp\BQEHIQAG.exe" -burn.filehandle.attached=200 -burn.filehandle.self=208
  2656

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 30, 2025, 7:30 p.m.			0	0

pdb_path

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Jan. 30, 2025, 7:30 p.m.		1	1	0

section

.wixburn

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Jan. 30, 2025, 7:30 p.m.	process_identifier: 2656 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1	0	0

file	C:\Windows\Temp\{8AAC0582-87E2-4EE0-BDB2-D62C053E3C1E}\.cr\BQEHIQAG.exe
file	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\DBDownloader.exe
file	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\Curette.dll
file	C:\Windows\Temp\{78E6D183-A10A-4256-B04E-AA03E751D459}\.ba\Zip.dll

file	C:\Windows\Temp\{8AAC0582-87E2-4EE0-BDB2-D62C053E3C1E}\.cr\BQEHIQAG.exe

Time & API	Arguments	Return
RegOpenKeyExW Jan. 30, 2025, 7:30 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5942ae50-8b64-4332-a8cc-a45635f043f3} base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5942ae50-8b64-4332-a8cc-a45635f043f3}	2
RegOpenKeyExW Jan. 30, 2025, 7:30 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5942ae50-8b64-4332-a8cc-a45635f043f3}.RebootRequired base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5942ae50-8b64-4332-a8cc-a45635f043f3}.RebootRequired	2
RegOpenKeyExW Jan. 30, 2025, 7:30 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5942ae50-8b64-4332-a8cc-a45635f043f3} base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000001 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5942ae50-8b64-4332-a8cc-a45635f043f3}	2

Lionic	Trojan.Win32.Penguish.4!c
CAT-QuickHeal	Trojan.Penguish
Skyhigh	BehavesLike.Win32.Dropper.wc
Cylance	Unsafe
VIPRE	Trojan.Generic.37352096
Sangfor	Trojan.Win32.Agent.A0s5
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.Generic.37352096
K7GW	Trojan-Downloader ( 005bf3f81 )
K7AntiVirus	Trojan-Downloader ( 005bf3f81 )
Arcabit	Trojan.Generic.D239F2A0
VirIT	Trojan.Win32.CabDrp.HPE
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	multiple detections
Avast	Win32:Malware-gen
Kaspersky	Trojan.Win32.Penguish.dpc
Alibaba	TrojanDownloader:Win32/Penguish.2efae865
MicroWorld-eScan	Trojan.Generic.37352096
Emsisoft	Trojan.Generic.37352096 (B)
F-Secure	Trojan.TR/Dldr.Rugmi.fgqex
DrWeb	Program.Unwanted.5065
TrendMicro	TrojanSpy.Win32.LUMMASTEALER.YXFAYZ
McAfeeD	ti!644676713BDF
CTX	exe.trojan.penguish
Sophos	Mal/Generic-S
FireEye	Trojan.Generic.37352096
Jiangmin	Trojan.Penguish.eg
Google	Detected
Avira	TR/AVI.Agent.xuqnx
Antiy-AVL	Trojan/Win32.Penguish
Kingsoft	Win32.Trojan.Penguish.dpc
Gridinsoft	Trojan.Win32.Agent.sa
Xcitium	Malware@#1i2ibxg0640ys
Microsoft	Trojan:Win32/Casdet!rfn
GData	Win32.Trojan.Agent.PCI5WM
Varist	W32/ABTrojan.VPLN-5050
AhnLab-V3	Trojan/Win.Generic.C5721866
McAfee	Artemis!074CA842EA52
DeepInstinct	MALICIOUS
VBA32	Trojan.Penguish
Malwarebytes	Malware.AI.3821216508
Ikarus	Trojan-Downloader.Win32.Rugmi
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TrojanSpy.Win32.LUMMASTEALER.YXFAYZ
Tencent	Malware.Win32.Gencirc.11d171f2
MaxSecure	Trojan.Malware.324532223.susgen
Fortinet	Riskware/NDAoF
AVG	Win32:Malware-gen
Paloalto	generic.ml

BQEHIQAG.exe