Overview

overview

8

Static

static

8

QQ网域�...��.url

windows7-x64

1

QQ网域�...��.url

windows10-2004-x64

1

网域帝�...��.url

windows7-x64

1

网域帝�...��.url

windows10-2004-x64

1

腾讯cook...��.exe

windows7-x64

8

腾讯cook...��.exe

windows10-2004-x64

8

视频.exe

windows7-x64

1

视频.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    152s
  • max time network
    162s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 19:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    腾讯cookis利用.exe

  • Size

    1.8MB

  • MD5

    ef465a19e8fb00180fe12ee2b4cdc27f

  • SHA1

    8a9db7680d745939d233a1a6ca2472454e86288c

  • SHA256

    d0fb60409eb0828a21c867c8e9b03bba9be4461907cebbdeae8433ade6e2fb6d

  • SHA512

    e9a18f629e5a3b4bdbea1bc394f9e9d00b36b41d3bfa7ce19f25773e8161f46c86ff1b086f6a2b1fafbd051c8430b2f5ea908895d86587a8da5c4cc6b92204eb

  • SSDEEP

    49152:Bj0eJBSzjBPQWP2qxOb1prKpKrVq+AbLsZVwm:Bj08mjBI9Fb1pZRsQ2

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\腾讯cookis利用.exe
    "C:\Users\Admin\AppData\Local\Temp\腾讯cookis利用.exe"
    1⤵
    • Modifies Internet Explorer start page
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.qqbangshou.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1760
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1672

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    b759a0a7bbd4d3dbabdad1c71c71886b

    SHA1

    dbeb2c1fceed27012fd715da580be3fa3769fe2b

    SHA256

    59ecaace1568fa6605d2e04c9fabc2d365f88fe914abf2181ef7e27ffdf09dc7

    SHA512

    60e7987f2cf7a4654d9677e6c18df193c9a30ccd9f6c87440cdc726505a6c4376c36a62b69d5836ade713d0c0f5ee84adecaaa62f9493253818b225ec3e95003

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\QH0V2Z0O.txt
    Filesize

    606B

    MD5

    8627fe813600684e02bfd9cf02c0c6d0

    SHA1

    5d92a209a7d48de31fe2ae922428d8007f9ddfc2

    SHA256

    dd10e3e305ef2d549eabdf63ecb9688350202e729bb4809a652d46d310c70bf9

    SHA512

    e36652e1e4eadf24f7edf00c9d631320193f4543d3d847164bdffadf3e27189294b78ac321d859ec382954959a879f43fcd59c3e58f41cc70ff1fd1b12318995

    Download Submit
  • memory/1864-54-0x0000000075911000-0x0000000075913000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1864-55-0x0000000000400000-0x0000000000868000-memory.dmp
    Filesize

    4.4MB

    Download
  • memory/1864-56-0x0000000000400000-0x0000000000868000-memory.dmp
    Filesize

    4.4MB

    Download