10c3a1fad014b10ae39aad5049fd5a2d3bfce4c06e27d7b3458fd6ae85532057

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 06:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QQɳ˿ˢ.exe
Size

868KB
MD5

10aa7f0b8708bf31d08ec04ffa59273e
SHA1

61d5a82211a377b52027ed7a48ef84a3b3795b4b
SHA256

5089c1c26937f0a7b7df0aa1c0c08368a655cbab763250445566f6189d063b45
SHA512

e117bfbbdf5ee24629a2acb0719baf29761aa4238aafbcbe517f86179b35a161accef572aa987f8f0c12335e39b4f64cde2a568e9e6a57a4e6fc37df62db0efb
SSDEEP

12288:Urq7BDmhsWqWMAZ9SNTRyz2hgg6TaOl2x3e6eBJ1aR5nWFpPoSDx9Tmp66:KqB6hsWNnAdy6hglTaO16IJ1Bb1SpX

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 23 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4680-132-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-133-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-134-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-136-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-138-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-140-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-142-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-144-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-146-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-148-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-151-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-153-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-155-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-157-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-159-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-161-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-163-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-165-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-167-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-169-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-171-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-173-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4680-175-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "www.2345.com/?k1902203"	QQɳ˿ˢ.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4680	QQɳ˿ˢ.exe
4680	QQɳ˿ˢ.exe
4680	QQɳ˿ˢ.exe

C:\Users\Admin\AppData\Local\Temp\QQɳ˿ˢ.exe
"C:\Users\Admin\AppData\Local\Temp\QQɳ˿ˢ.exe"
1⤵
- Modifies Internet Explorer start page
- Suspicious use of SetWindowsHookEx
PID:4680

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4680-132-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-133-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-134-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-136-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-138-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-140-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-142-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-144-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-146-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-148-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-151-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-153-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-155-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-157-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-159-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-161-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-163-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-165-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-167-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-169-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-171-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-173-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4680-175-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download