Overview

overview

8

Static

static

3

177ee85e35...07.exe

windows7-x64

8

177ee85e35...07.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 11:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    177ee85e358bfe3cc4002a5cf22cc707.exe

  • Size

    63KB

  • MD5

    177ee85e358bfe3cc4002a5cf22cc707

  • SHA1

    0004aa0a0cc0ef47358e30167817bdd972cfd17d

  • SHA256

    6e01ca48a7be6a9803f00bbc7bbe4c07a4473d404743e879fd6924e8ea018c5e

  • SHA512

    66d5c3aab461ec361a7c0a844b165b265e925bf89216098f0dc9b30ec2065bc51fdd1f823519708abc19ccb069cdc072d157bfc3925b0650fa5b577ac753507a

  • SSDEEP

    1536:JQCfO0GMm8k0cR8dpw80Tz7WuyhbTEEMeazKsLXrNQ3faw7:qKXJPldq8QWuKTEmqrmaw7

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\177ee85e358bfe3cc4002a5cf22cc707.exe
    "C:\Users\Admin\AppData\Local\Temp\177ee85e358bfe3cc4002a5cf22cc707.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:284
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k Mozilla Firefox
    1⤵
      PID:3056

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Windows\SysWOW64\qqqavi.dll
      Filesize

      91KB

      MD5

      49b91421bbe49a30c7731faadf592b19

      SHA1

      2fe3db027365c1dcb702f0460cbef82847ba40e8

      SHA256

      3fe69ba3da2fc2b724bdd94ad13087212e6e8a97112a6f4dc1b24d81bfcd22fe

      SHA512

      ed7130f1e2c6918b8ab65b8c1ef39a58278dbb3c23501bc76d57e62f169e4deec72bbad2bc6bade0c19dd99206170cef167c2a417e4cfad4d14f6d15dacea437

      Download Submit

    • memory/284-0-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

      Download

    • memory/284-5-0x0000000010000000-0x000000001001B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/284-6-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

      Download