10c3a1fad014b10ae39aad5049fd5a2d3bfce4c06e27d7b3458fd6ae85532057

General

Target

QQɳ˿ˢ.exe
Size

868KB
MD5

10aa7f0b8708bf31d08ec04ffa59273e
SHA1

61d5a82211a377b52027ed7a48ef84a3b3795b4b
SHA256

5089c1c26937f0a7b7df0aa1c0c08368a655cbab763250445566f6189d063b45
SHA512

e117bfbbdf5ee24629a2acb0719baf29761aa4238aafbcbe517f86179b35a161accef572aa987f8f0c12335e39b4f64cde2a568e9e6a57a4e6fc37df62db0efb
SSDEEP

12288:Urq7BDmhsWqWMAZ9SNTRyz2hgg6TaOl2x3e6eBJ1aR5nWFpPoSDx9Tmp66:KqB6hsWNnAdy6hglTaO16IJ1Bb1SpX

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1252-55-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-57-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-61-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-59-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-63-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-65-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-67-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-69-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-71-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-73-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-75-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-79-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-77-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-83-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-81-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-85-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-89-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-87-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-93-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-95-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-91-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-97-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1252-98-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "www.2345.com/?k1902203"	QQɳ˿ˢ.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1252	QQɳ˿ˢ.exe
1252	QQɳ˿ˢ.exe
1252	QQɳ˿ˢ.exe

C:\Users\Admin\AppData\Local\Temp\QQɳ˿ˢ.exe
"C:\Users\Admin\AppData\Local\Temp\QQɳ˿ˢ.exe"
1⤵
- Modifies Internet Explorer start page
- Suspicious use of SetWindowsHookEx
PID:1252

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1252-54-0x0000000075551000-0x0000000075553000-memory.dmp

Filesize
8KB

Download
memory/1252-55-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-57-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-61-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-59-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-63-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-65-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-67-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-69-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-71-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-73-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-75-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-79-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-77-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-83-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-81-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-85-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-89-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-87-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-93-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-95-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-91-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-97-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1252-98-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing