Analysis
- max time kernel: 44s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 20-05-2022 13:59
Static task: static1
Behavioral task: behavioral1
  Sample: smzy_2016小妹刷QB软件.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: smzy_2016小妹刷QB软件.exe
  Resource: win10v2004-20220414-en
Behavioral task: behavioral3
  Sample: 数码资源网.url
  Resource: win7-20220414-en
Behavioral task: behavioral4
  Sample: 数码资源网.url
  Resource: win10v2004-20220414-en
General
- Target: smzy_2016小妹刷QB软件.exe
- Size: 1.3MB
- MD5: fda68efd40295fd40a620060a8fc9e72
- SHA1: f77ed41fc1de0bd5ca99bdd5eefe98894be5ab01
- SHA256: c107d5d3baa13dfdd1e91ee9aafc8583e0b1f7c86e721132fb37724625717049
- SHA512: 7dd384dc749025aa15c9a9e81db69ac46c1ae42cedc781849342433961187a366fbaaa7de36c413bc37168645337011e84d568c88d856527a8fd2bf66dcde527
Malware Config
Signatures
- Processes (resource / yara_rule):
  behavioral1/memory/1564-55-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-56-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-57-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-59-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-61-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-63-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-65-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-67-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-69-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-71-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-73-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-75-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-77-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-79-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-81-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-85-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-83-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-87-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-91-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-93-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-95-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-97-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-89-0x0000000010000000-0x000000001003E000-memory.dmp  upx
  behavioral1/memory/1564-98-0x0000000010000000-0x000000001003E000-memory.dmp  upx
- Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  Processes (description / ioc / process):
  File opened for modification  \??\PhysicalDrive0  smzy_2016小妹刷QB软件.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  Processes (pid / process):
  1564  smzy_2016小妹刷QB软件.exe
  1564  smzy_2016小妹刷QB软件.exe
  1564  smzy_2016小妹刷QB软件.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1564-54-0x0000000075CD1000-0x0000000075CD3000-memory.dmp (Filesize: 8KB)
- memory/1564-55-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-56-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-57-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-59-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-61-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-63-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-65-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-67-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-69-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-71-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-73-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-75-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-77-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-79-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-81-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-85-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-83-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-87-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-91-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-93-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-95-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-97-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-89-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)
- memory/1564-98-0x0000000010000000-0x000000001003E000-memory.dmp (Filesize: 248KB)