Analysis

  • max time kernel
    44s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2022, 07:12

General

  • Target

    QQ空间红警大战小工具/AutoUpdate.exe

  • Size

    2.2MB

  • MD5

    f6d0d18eb49322a1cca613512d7b451c

  • SHA1

    b6d0c63738bcbcfb70837f334a0a4b9bb76af52c

  • SHA256

    dec10d7466c30327f503654f6b7678833b8993847b1b6bbdf05158cfe14ad707

  • SHA512

    a6253d805f652e7c7ec31615cd08c8d7a979863c91b80d12eb115fd95b434505d920871155ffedf70050ec16def5151559da4d9c7a3a3662a2936dc51ae06d80

  • SSDEEP

    24576:AqqWU9pzgeUNmBbeQz9OIu4d1KCHwIkfS3vixtV7xYLUFsuZ3D4tc1omkpQcY/jK:AX9YYC+ruyJHEg4tV7eUFnpD5mQcY/W

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\QQ空间红警大战小工具\AutoUpdate.exe
    "C:\Users\Admin\AppData\Local\Temp\QQ空间红警大战小工具\AutoUpdate.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    PID:1696

Network

MITRE ATT&CK Matrix

Downloads

  • \Windows\SysWOW64\SkinH_EL.dll

    Filesize
    688KB

    MD5
    bd42ef63fc0f79fdaaeca95d62a96bbb

    SHA1
    97ca8ccb0e6f7ffeb05dc441b2427feb0b634033

    SHA256
    573cf4e4dfa8fe51fc8b80b79cd626cb861260d26b6e4f627841e11b4dce2f48

    SHA512
    431b5487003add16865538de428bf518046ee97ab6423d88f92cda4ff263f971c0cf3827049465b9288a219cc32698fd687939c7c648870dd7d8d6776735c93c

  • memory/1696-54-0x00000000766D1000-0x00000000766D3000-memory.dmp

    Filesize
    8KB