98f76a4ec859da0c3afcda98b75650446865a040b6e6e5d37a919f2f9ea0eff9

Analysis

max time kernel
82s
max time network
87s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QQ玫瑰小镇管家辅助v22.3/QQ玫瑰小镇管家辅助v22.3.exe
Size

2.0MB
MD5

f4d4b7bb28dde12b7f3a6ab94997b59a
SHA1

1fe042257fe7620986da1d95876abc13929b1177
SHA256

6d4fe5e62c73d1a911d08d1e57e4b3cc620f344af941f387daa16aea66356242
SHA512

552d74fc8bc1131ef32686ba96a43e42a24e86c35d729763ddcf837cc329a671a4517f6af5c057e80fa983f43157022ba6ec30b890ced86823cd118bef84b190
SSDEEP

49152:ryzbsjBp5iUlw6/543e//2/1RL9hcvN9Lc/MrAE4OD:uz4HLaeau//2/1RLHcvnc/j4

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 13 IoCs

pid	Process
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	QQ玫瑰小镇管家辅助v22.3.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	QQ玫瑰小镇管家辅助v22.3.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	QQ玫瑰小镇管家辅助v22.3.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe
1736	QQ玫瑰小镇管家辅助v22.3.exe

C:\Users\Admin\AppData\Local\Temp\QQ玫瑰小镇管家辅助v22.3\QQ玫瑰小镇管家辅助v22.3.exe
"C:\Users\Admin\AppData\Local\Temp\QQ玫瑰小镇管家辅助v22.3\QQ玫瑰小镇管家辅助v22.3.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:1736

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1736-54-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download
memory/1736-56-0x0000000074C00000-0x0000000074C47000-memory.dmp

Filesize
284KB

Download
memory/1736-463-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-462-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-465-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-464-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-466-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-467-0x0000000000400000-0x0000000000761000-memory.dmp

Filesize
3.4MB

Download
memory/1736-468-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-469-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-470-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-471-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-472-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-473-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-474-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-475-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-476-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-477-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-478-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-480-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-479-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-481-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-482-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-483-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-484-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-485-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-486-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-488-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-487-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-489-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-490-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-491-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-492-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-494-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-493-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-495-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-496-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-497-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-498-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-499-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-500-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-501-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-502-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-503-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-504-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-505-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-506-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-507-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-509-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-508-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-510-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-511-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-513-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-512-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-514-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-515-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-516-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-517-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-518-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-519-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-520-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-521-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-522-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-523-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-524-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-1549-0x0000000002090000-0x0000000002190000-memory.dmp

Filesize
1024KB

Download
memory/1736-1550-0x0000000002280000-0x0000000002401000-memory.dmp

Filesize
1.5MB

Download
memory/1736-4616-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/1736-4617-0x00000000026C0000-0x00000000027C1000-memory.dmp

Filesize
1.0MB

Download
memory/1736-4618-0x0000000000400000-0x0000000000761000-memory.dmp

Filesize
3.4MB

Download
memory/1736-4619-0x0000000002090000-0x0000000002190000-memory.dmp

Filesize
1024KB

Download
memory/1736-4621-0x0000000000400000-0x0000000000761000-memory.dmp

Filesize
3.4MB

Download
memory/1736-4622-0x0000000000400000-0x0000000000761000-memory.dmp

Filesize
3.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads