Overview

overview

5

Static

static

ٷվ.url

windows7-x64

1

ٷվ.url

windows10-2004-x64

1

ڼQQ...te.exe

windows7-x64

1

ڼQQ...te.exe

windows10-2004-x64

1

ڼQQ....3.exe

windows7-x64

5

ڼQQ....3.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 03:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ڼQQռ˵˵ˢѻˢv6.3.exe

  • Size

    1.6MB

  • MD5

    e84eecaec2c12863e92b3a78aef9b236

  • SHA1

    118da847b2758ba6e4bb13e8ad8256a7c2f435b3

  • SHA256

    0705cc3dcaf62059db2cc13ff4e6719597fbd25ae6c5d423ef6562803eca04f0

  • SHA512

    b8dd6004d9ef1f12a9556fd7d999a75ac370751038296bc0c5ebdb03eb6484517615308b5107436b2ab35e0de813a98856c9544169910f065d16bfadc684532c

  • SSDEEP

    24576:8xG39LpNs1S7EkmAyn4cAZl3mbgJCkKUcFi8W13GqpRw5xMb3xFaFi7art:6GNjs1SYk1jc/EBKfk5bR8I3rct

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 37 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ڼQQռ˵˵ˢѻˢv6.3.exe
    "C:\Users\Admin\AppData\Local\Temp\ڼQQռ˵˵ˢѻˢv6.3.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4092

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4092-132-0x0000000000400000-0x0000000000659000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/4092-133-0x0000000077B30000-0x0000000077CD3000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4092-134-0x0000000077350000-0x0000000077565000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/4092-136-0x0000000077880000-0x0000000077A20000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4092-137-0x0000000075C80000-0x0000000075CFA000-memory.dmp

          Filesize

          488KB

          Download

        • memory/4092-1479-0x0000000000400000-0x0000000000659000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/4092-1480-0x0000000000400000-0x0000000000659000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/4092-1481-0x0000000000400000-0x0000000000659000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/4092-1482-0x0000000000400000-0x0000000000659000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/4092-1484-0x0000000000400000-0x0000000000659000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/4092-1485-0x0000000000400000-0x0000000000659000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/4092-1486-0x0000000000400000-0x0000000000659000-memory.dmp

          Filesize

          2.3MB

          Download

        • memory/4092-1487-0x0000000010930000-0x0000000010938000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4092-1490-0x0000000000400000-0x0000000000659000-memory.dmp

          Filesize

          2.3MB

          Download