cf7b7ab4b0e8c086a1ab1453a59c4f2fcffb4c172bc260b76cccb6620a1bfc85 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

服务器软件.url

windows7-x64

1

服务器软件.url

windows10-2004-x64

脚本之家.url

windows7-x64

1

脚本之家.url

windows10-2004-x64

1

豪迪QQ�...CK.exe

windows7-x64

7

豪迪QQ�...CK.exe

windows10-2004-x64

7

豪迪QQ�...er.dll

windows7-x64

1

豪迪QQ�...er.dll

windows10-2004-x64

1

豪迪QQ�...r1.dll

windows7-x64

1

豪迪QQ�...r1.dll

windows10-2004-x64

1

豪迪QQ�...og.dll

windows7-x64

1

豪迪QQ�...og.dll

windows10-2004-x64

1

豪迪QQ�...fo.dll

windows7-x64

6

豪迪QQ�...fo.dll

windows10-2004-x64

6

豪迪QQ�...CA.exe

windows7-x64

6

豪迪QQ�...CA.exe

windows10-2004-x64

6

豪迪QQ�...qf.exe

windows7-x64

6

豪迪QQ�...qf.exe

windows10-2004-x64

6

豪迪QQ�...st.exe

windows7-x64

3

豪迪QQ�...st.exe

windows10-2004-x64

3

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 15:52

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

服务器软件.url

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

服务器软件.url

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

脚本之家.url

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

脚本之家.url

Resource

win10v2004-20220812-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CRACK.exe

Resource

win7-20220901-en

bootkit persistence

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral6

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CRACK.exe

Resource

win10v2004-20221111-en

bootkit persistence

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral7

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckUser.dll

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral8

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckUser.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral9

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckVer1.dll

Resource

win7-20221111-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/CheckVer1.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/Desklog.dll

Resource

win7-20221111-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/Desklog.dll

Resource

win10v2004-20221111-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/GetInfo.dll

Resource

win7-20221111-en

bootkit persistence

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral14

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/GetInfo.dll

Resource

win10v2004-20220812-en

bootkit persistence

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral15

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/crakc_YLCA.exe

Resource

win7-20221111-en

bootkit persistence

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral16

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/crakc_YLCA.exe

Resource

win10v2004-20220901-en

bootkit persistence

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral17

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/qqqf.exe

Resource

win7-20220812-en

bootkit persistence

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral18

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/qqqf.exe

Resource

win10v2004-20220812-en

bootkit persistence

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral19

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/uninst.exe

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/uninst.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

豪迪QQ群发器 2014-06-18绿色版/豪迪QQ群发器 2014/uninst.exe
Size

47KB
MD5

3cdb3182f51828d1a15331f090b3d85c
SHA1

03808d0b19c46d0194ba1401335ef3c0d22ac2a6
SHA256

7bc043493ec68037750e82887dec7c3caad313879b2a93034898b466e871fd81
SHA512

5d24720f699bc4ad1af77a2e792fd0cce951025a613fa2d2b348e7980214baf5eeccbffa354944ffccee5b64b57287b268a76a263ac4d58d2c42f3b1747d39dc
SSDEEP

768:we3PFaDVyOQgljLDKRJyM3BmsHzSB4us/wJJaVgd2iZQAm6kRRS+NoJRnuT4b:33cpyORJLuB4P4AJJMgdLeAyN14

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Processes

C:\Users\Admin\AppData\Local\Temp\豪迪QQ群发器 2014-06-18绿色版\豪迪QQ群发器 2014\uninst.exe
"C:\Users\Admin\AppData\Local\Temp\豪迪QQ群发器 2014-06-18绿色版\豪迪QQ群发器 2014\uninst.exe"
1⤵
PID:4900

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy