d51926e554664bcfb0dc9276401c6e49a8d656c7b451934f849ccb5daf3d5a47

Analysis

max time kernel
141s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13/06/2023, 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

柒点工具.exe
Size

52KB
MD5

3711098b0cb58c228557c79331a6c358
SHA1

6326c0db7b658c751ada072c9c63a7304cb4a83f
SHA256

d51926e554664bcfb0dc9276401c6e49a8d656c7b451934f849ccb5daf3d5a47
SHA512

fd9124aa3e5eb09dbdf5d6e444355c6415bc18d1c77d837f03c31beea6e06e2121e9b663ac8d9f1d0e95ac0758838655b9b89386a6bf918d19a1ad0687f2983f
SSDEEP

768:Q+71YtumFohRdfdcq4dkbXirwZtF7Mr/jzmMN7OJv9EpxfcfpPEL7:LhiFo7dJokSwZbA3mMNnePEL

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2036	ServerTool.dll

Loads dropped DLL 2 IoCs

pid	Process
1144	柒点工具.exe
1144	柒点工具.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1144-54-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral1/files/0x000700000001424c-56.dat	upx
behavioral1/files/0x000700000001424c-61.dat	upx
behavioral1/files/0x000700000001424c-58.dat	upx
behavioral1/memory/1144-63-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral1/files/0x000700000001424c-62.dat	upx
behavioral1/memory/2036-64-0x0000000000400000-0x000000000041A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 2036	1144	柒点工具.exe	26
PID 1144 wrote to memory of 2036	1144	柒点工具.exe	26
PID 1144 wrote to memory of 2036	1144	柒点工具.exe	26
PID 1144 wrote to memory of 2036	1144	柒点工具.exe	26

C:\Users\Admin\AppData\Local\Temp\柒点工具.exe
"C:\Users\Admin\AppData\Local\Temp\柒点工具.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1144
- \??\c:\qdnet\tools\ServerTool.dll
  "c:\qdnet\tools\ServerTool.dll"
  2⤵
  - Executes dropped EXE
  PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\qdnet\tools\ServerTool.dll

Filesize
37KB

MD5
4bd0cd7f349d64acbb79734e3897c2b9

SHA1
5e37d1bc570eb1a0663f5c69524b2fcca6c570f5

SHA256
ef2c3a207c131e0875d2d83cc3908a4db02ba68f401aacef2625a84f5fe8b68c

SHA512
12c5aef76165c37aaf095d304352961a80147d3cbe45199beb5d9bb42faa1b71b97da750e841e5a3868ccdcf3e31badad636e18726b056b4d71e908ea7dcf373

Download Submit
C:\qdnet\tools\ServerTool.dll

Filesize
37KB

MD5
4bd0cd7f349d64acbb79734e3897c2b9

SHA1
5e37d1bc570eb1a0663f5c69524b2fcca6c570f5

SHA256
ef2c3a207c131e0875d2d83cc3908a4db02ba68f401aacef2625a84f5fe8b68c

SHA512
12c5aef76165c37aaf095d304352961a80147d3cbe45199beb5d9bb42faa1b71b97da750e841e5a3868ccdcf3e31badad636e18726b056b4d71e908ea7dcf373

Download Submit
\qdnet\tools\ServerTool.dll

Filesize
37KB

MD5
4bd0cd7f349d64acbb79734e3897c2b9

SHA1
5e37d1bc570eb1a0663f5c69524b2fcca6c570f5

SHA256
ef2c3a207c131e0875d2d83cc3908a4db02ba68f401aacef2625a84f5fe8b68c

SHA512
12c5aef76165c37aaf095d304352961a80147d3cbe45199beb5d9bb42faa1b71b97da750e841e5a3868ccdcf3e31badad636e18726b056b4d71e908ea7dcf373

Download Submit
\qdnet\tools\ServerTool.dll

Filesize
37KB

MD5
4bd0cd7f349d64acbb79734e3897c2b9

SHA1
5e37d1bc570eb1a0663f5c69524b2fcca6c570f5

SHA256
ef2c3a207c131e0875d2d83cc3908a4db02ba68f401aacef2625a84f5fe8b68c

SHA512
12c5aef76165c37aaf095d304352961a80147d3cbe45199beb5d9bb42faa1b71b97da750e841e5a3868ccdcf3e31badad636e18726b056b4d71e908ea7dcf373

Download Submit
memory/1144-54-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1144-63-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2036-64-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download