Analysis
-
max time kernel
287s -
max time network
337s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
27-11-2022 03:53
General
-
Target
QQռӪʦ/ѣyxʦ.exe
-
Size
1.8MB
-
MD5
15bf3375a847a847e1c5ecc4eec90845
-
SHA1
2bfade13676ee4e1a3670ee0e2680b946efcd6f4
-
SHA256
e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af
-
SHA512
2418543fe65af6dccc55d36c6bb536a769b1d6730d5a69e467ca6b20aedc70eb398a43d9c58004f43428fbcf6f258bc8d977df236c78322eaefdddb875b0d516
-
SSDEEP
49152:XD1UWvG0Oc2ztMbxd3FaxB/LlKybwsicwc2AGky:XeW+0OTWbxjGBzlKybjirk
Score
8/10
Malware Config
Signatures
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file 2 IoCs
Detects executables packed with VMProtect commercial packer.
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\QQռӪʦ\ѣyxʦ.exe"C:\Users\Admin\AppData\Local\Temp\QQռӪʦ\ѣyxʦ.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1628-132-0x0000000000400000-0x0000000000802000-memory.dmpFilesize
4.0MB
-
memory/1628-133-0x0000000002A80000-0x0000000002C4D000-memory.dmpFilesize
1.8MB
-
memory/1628-135-0x0000000002A80000-0x0000000002C4D000-memory.dmpFilesize
1.8MB
-
memory/1628-139-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-140-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-141-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-143-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-145-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-147-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-149-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-151-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-153-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-155-0x0000000002A80000-0x0000000002C4D000-memory.dmpFilesize
1.8MB
-
memory/1628-157-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-159-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-161-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-163-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-165-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-167-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-169-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-171-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-173-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-175-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-177-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-179-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-181-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-183-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/1628-184-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB