0c5ac5c2994e11164e3fb597916276e94ec41bffe143dc51b34e306923f972a6

Analysis

max time kernel
200s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QQ名片全自动工具 v1.0版(每日500).exe
Size

1.0MB
MD5

ebc87d9388c48d834048dd9b967bd26b
SHA1

8e0f5dbc39518c0116dc8288b79ab3540aaf3d06
SHA256

46b28f43f8f3bbd1b06c564da946cb9e313babbc94e6ee0cc51deb86a7d8fdcb
SHA512

a46d89e61b879523f4f3816538a3340f50278a5f2fd5530e69e73914bc81768846a9e169e1f3f19bd04a017d5a7c76b8cdd4e4adbf2bed4d08b3d8a82eb3e995
SSDEEP

12288:+5BE6REvEmgQSy3jpiPYvk4+RH3iucUpmDR5nWFpPoS1AW5QNUZUjuHJ:gFytSJBHbn95J

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1460-133-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-136-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-135-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-137-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-138-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-140-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-142-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-144-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-146-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-148-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-150-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-152-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-154-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-156-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-158-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-160-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-162-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-164-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-166-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-168-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-170-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-172-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-174-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-176-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1460-178-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 50 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "26721"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "28456"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "28469"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "28481"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "21162"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "26721"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "28469"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "28481"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "25797"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "21162"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "25797"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "27579"	QQ名片全自动工具 v1.0版(每日500).exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "37"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "21162"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "26721"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "28447"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "28481"	QQ名片全自动工具 v1.0版(每日500).exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\International\CpMRU	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	QQ名片全自动工具 v1.0版(每日500).exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "37"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "25825"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "25863"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "28437"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "28456"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "28535"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "25797"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "27579"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "28437"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "28447"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "28535"	QQ名片全自动工具 v1.0版(每日500).exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\DOMStorage\2345.com	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "25825"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "27579"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "28437"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "28535"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "37"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\NumberOfSubdomains = "1"	QQ名片全自动工具 v1.0版(每日500).exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.2345.com	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "25825"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "25863"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "25863"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "28447"	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "28456"	QQ名片全自动工具 v1.0版(每日500).exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	QQ名片全自动工具 v1.0版(每日500).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "28469"	QQ名片全自动工具 v1.0版(每日500).exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2971393436-602173351-1645505021-1000\{C2977DD8-6BC2-483C-ACDB-924C5C7ED9B2}	QQ名片全自动工具 v1.0版(每日500).exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1460	QQ名片全自动工具 v1.0版(每日500).exe
1460	QQ名片全自动工具 v1.0版(每日500).exe
1460	QQ名片全自动工具 v1.0版(每日500).exe
1460	QQ名片全自动工具 v1.0版(每日500).exe
1460	QQ名片全自动工具 v1.0版(每日500).exe

C:\Users\Admin\AppData\Local\Temp\QQ名片全自动工具 v1.0版(每日500).exe
"C:\Users\Admin\AppData\Local\Temp\QQ名片全自动工具 v1.0版(每日500).exe"
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1460

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1460-132-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/1460-133-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-136-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-135-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-137-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-138-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-140-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-142-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-144-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-146-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-148-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-150-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-152-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-154-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-156-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-158-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-160-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-162-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-164-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-166-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-168-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-170-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-172-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-174-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-176-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-178-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1460-179-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download