4562160a2d37aa07c97fa784afe700cf0cb8ecb5d1cd2382e27bc40804d938e3

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21-12-2022 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

1.2MB
MD5

176cba6c54addf55ff9212f8635af268
SHA1

99b98dbc56d33073f4a1663b9c7866f673500ea6
SHA256

4562160a2d37aa07c97fa784afe700cf0cb8ecb5d1cd2382e27bc40804d938e3
SHA512

6b0eba2535e7153e41f9aca21440b0ee448096d5d6da134abfdcccba6dbdd5d9d051aa606cc1810af4d6b9b7bcc784eeb245f74c264c0dd41e96ce391686a023
SSDEEP

24576:qMGnno42KEVxeAL7x06blOSE3UHMxpWWEaTaeGyidv:Fo1GxplLE3UHOTTnidv

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1952	Qiyccos.exe
1160	Qiyccos.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 33 IoCs

pid	Process
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1952	Qiyccos.exe
1952	Qiyccos.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1160	Qiyccos.exe
1196	tmp.exe
1160	Qiyccos.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe
1196	tmp.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Qiyccos.exe	tmp.exe
File opened for modification	C:\Program Files (x86)\Qiyccos.exe	tmp.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1160	1952	Qiyccos.exe	29
PID 1952 wrote to memory of 1160	1952	Qiyccos.exe	29
PID 1952 wrote to memory of 1160	1952	Qiyccos.exe	29
PID 1952 wrote to memory of 1160	1952	Qiyccos.exe	29

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
PID:1196

C:\Program Files (x86)\Qiyccos.exe
"C:\Program Files (x86)\Qiyccos.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Program Files (x86)\Qiyccos.exe
  "C:\Program Files (x86)\Qiyccos.exe" Win7
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Qiyccos.exe

Filesize
1.2MB

MD5
176cba6c54addf55ff9212f8635af268

SHA1
99b98dbc56d33073f4a1663b9c7866f673500ea6

SHA256
4562160a2d37aa07c97fa784afe700cf0cb8ecb5d1cd2382e27bc40804d938e3

SHA512
6b0eba2535e7153e41f9aca21440b0ee448096d5d6da134abfdcccba6dbdd5d9d051aa606cc1810af4d6b9b7bcc784eeb245f74c264c0dd41e96ce391686a023

Download Submit
C:\Program Files (x86)\Qiyccos.exe

Filesize
1.2MB

MD5
176cba6c54addf55ff9212f8635af268

SHA1
99b98dbc56d33073f4a1663b9c7866f673500ea6

SHA256
4562160a2d37aa07c97fa784afe700cf0cb8ecb5d1cd2382e27bc40804d938e3

SHA512
6b0eba2535e7153e41f9aca21440b0ee448096d5d6da134abfdcccba6dbdd5d9d051aa606cc1810af4d6b9b7bcc784eeb245f74c264c0dd41e96ce391686a023

Download Submit
C:\Program Files (x86)\Qiyccos.exe

Filesize
1.2MB

MD5
176cba6c54addf55ff9212f8635af268

SHA1
99b98dbc56d33073f4a1663b9c7866f673500ea6

SHA256
4562160a2d37aa07c97fa784afe700cf0cb8ecb5d1cd2382e27bc40804d938e3

SHA512
6b0eba2535e7153e41f9aca21440b0ee448096d5d6da134abfdcccba6dbdd5d9d051aa606cc1810af4d6b9b7bcc784eeb245f74c264c0dd41e96ce391686a023

Download Submit
memory/1160-9393-0x0000000000000000-mapping.dmp

Download
memory/1160-9397-0x0000000000400000-0x0000000000540000-memory.dmp

Filesize
1.2MB

Download
memory/1160-14158-0x0000000000400000-0x0000000000540000-memory.dmp

Filesize
1.2MB

Download
memory/1160-14157-0x0000000000540000-0x0000000000640000-memory.dmp

Filesize
1024KB

Download
memory/1160-14152-0x00000000021A0000-0x00000000022B1000-memory.dmp

Filesize
1.1MB

Download
memory/1160-10752-0x0000000002010000-0x0000000002191000-memory.dmp

Filesize
1.5MB

Download
memory/1160-10750-0x0000000000540000-0x0000000000640000-memory.dmp

Filesize
1024KB

Download
memory/1196-497-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-502-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-467-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-468-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-469-0x0000000000400000-0x0000000000540000-memory.dmp

Filesize
1.2MB

Download
memory/1196-470-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-471-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-474-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-473-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-472-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-475-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-476-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-477-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-479-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-478-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-480-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-482-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-481-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-483-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-484-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-485-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-487-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-486-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-488-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-489-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-490-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-492-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-491-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-493-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-495-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-494-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-496-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-465-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-498-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-499-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-501-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-500-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-466-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-503-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-504-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-505-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-506-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-507-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-508-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-509-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-510-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-511-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-512-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-513-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-514-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-516-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-515-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-517-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-518-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-520-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-519-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-521-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-522-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-524-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-523-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-1523-0x0000000001F00000-0x0000000002081000-memory.dmp

Filesize
1.5MB

Download
memory/1196-1522-0x0000000000540000-0x0000000000640000-memory.dmp

Filesize
1024KB

Download
memory/1196-4809-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-5328-0x0000000000540000-0x0000000000640000-memory.dmp

Filesize
1024KB

Download
memory/1196-14159-0x0000000000400000-0x0000000000540000-memory.dmp

Filesize
1.2MB

Download
memory/1196-54-0x0000000076531000-0x0000000076533000-memory.dmp

Filesize
8KB

Download
memory/1196-56-0x00000000764D0000-0x0000000076517000-memory.dmp

Filesize
284KB

Download
memory/1196-462-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-463-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1196-464-0x00000000021F0000-0x0000000002301000-memory.dmp

Filesize
1.1MB

Download
memory/1952-9388-0x00000000022F0000-0x0000000002401000-memory.dmp

Filesize
1.1MB

Download
memory/1952-6347-0x0000000002040000-0x00000000021C1000-memory.dmp

Filesize
1.5MB

Download
memory/1952-6345-0x0000000001EB0000-0x0000000001FB0000-memory.dmp

Filesize
1024KB

Download
memory/1952-5330-0x0000000000400000-0x0000000000540000-memory.dmp

Filesize
1.2MB

Download
memory/1952-9396-0x0000000000400000-0x0000000000540000-memory.dmp

Filesize
1.2MB

Download