c07a5efd7bc564a049f0f1b3b944c2bb96e388156f4bd09fa4f9d6345afc2448

Analysis

max time kernel
111s
max time network
106s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 15:04

Target

QQ连连看外挂.exe
Size

1.3MB
MD5

bfcbd064d40461622411609ad8290b38
SHA1

5f6d295b3f6b8e2b9be57ea7665fe4537ed0eaee
SHA256

6adf15272b4bd25a06a292569118ce37f22f1eecda32a93cbfdfc14b2e428b01
SHA512

fc7cd845833340eb8da5f1dbb6a6da5a7d51fad29c2cc70d1b683ceda26272c71856065f68850d2d1d71e67a8d09a9847e86e1e68dfe3093bb65b0846fe63feb
SSDEEP

24576:X5YXAz7LyAwqGzYWz5dSBd0ouCvDuE8Dx3TKYGcwnszYKuKGBiykpe4WNJgg:n7WKGzYG5cBKxCLUl3TKYGfszY/KGBGU

Score

1^/10

Modifies Internet Explorer settings 1 TTPs 1 IoCs

Modify Registry

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	QQ连连看外挂.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1172	QQ连连看外挂.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1172-54-0x0000000000400000-0x00000000006D2000-memory.dmp

Filesize
2.8MB

Download
memory/1172-55-0x00000000002F0000-0x00000000003E1000-memory.dmp

Filesize
964KB

Download
memory/1172-58-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download
memory/1172-59-0x0000000000400000-0x00000000006D2000-memory.dmp

Filesize
2.8MB

Download
memory/1172-60-0x0000000000400000-0x00000000006D2000-memory.dmp

Filesize
2.8MB

Download
memory/1172-61-0x0000000000400000-0x00000000006D2000-memory.dmp

Filesize
2.8MB

Download