3479e7ee256673ba85659b732500c026cd218f3d79e5596e1605660208d7faa0

Analysis

max time kernel
9s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3479e7ee256673ba85659b732500c026cd218f3d79e5596e1605660208d7faa0.dll
Size

2.6MB
MD5

c032571b2c494c02194f05e7f476e997
SHA1

0b524906ed83ec66969257393f0feaeb52048544
SHA256

3479e7ee256673ba85659b732500c026cd218f3d79e5596e1605660208d7faa0
SHA512

84df1b59e895b7127d398b7b96034821bc33d8247e7f7d4731815473a1463708be71ff2be5a292f62298ad46540c463e39e541762fb1569e19a1c82ead9b2197
SSDEEP

49152:PRP/ddeBQy1lPe22pKpUmmWmFekXPyZ7wlX7zSLxC2X6MYhRcdVhlC4JX4:J/ddeBQy1l2cUmmpFPPy+lrzSLU2X6bW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1916	kss.ini

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe
2128	rundll32.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2128	rundll32.exe
Token: SeIncBasePriorityPrivilege	2128	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2128	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 2128	952	rundll32.exe	28
PID 952 wrote to memory of 2128	952	rundll32.exe	28
PID 952 wrote to memory of 2128	952	rundll32.exe	28
PID 952 wrote to memory of 2128	952	rundll32.exe	28
PID 952 wrote to memory of 2128	952	rundll32.exe	28
PID 952 wrote to memory of 2128	952	rundll32.exe	28
PID 952 wrote to memory of 2128	952	rundll32.exe	28
PID 2128 wrote to memory of 1916	2128	rundll32.exe	29
PID 2128 wrote to memory of 1916	2128	rundll32.exe	29
PID 2128 wrote to memory of 1916	2128	rundll32.exe	29
PID 2128 wrote to memory of 1916	2128	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3479e7ee256673ba85659b732500c026cd218f3d79e5596e1605660208d7faa0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3479e7ee256673ba85659b732500c026cd218f3d79e5596e1605660208d7faa0.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2128
- - \??\c:\kss.ini
    c:\kss.ini
    3⤵
    - Executes dropped EXE
    PID:1916
  - - C:\Program Files\QQExternal.exe
      "C:\Program Files\QQExternal.exe"
      4⤵
      PID:1768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\kss.ini

Filesize
1024KB

MD5
71cfcf952ad41f15a365cca8be58a838

SHA1
d21497c79e730e821153c82335f28d1478266ce5

SHA256
b61336362a736e46b43512995acffb95b0937907cfc24170671a2dbcd25e49e7

SHA512
c4b80d80a532e75899dc886292d6f86a097ca2bf647aeba8687a5f5c9f7e87f9280ba7075314a42165886cc9cead552949271452bd7db42f5575ec59f2db578d

Download Submit
memory/1768-17417-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1768-17416-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1768-17409-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1768-17410-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1768-17408-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1768-17402-0x00000000026E0000-0x00000000027F1000-memory.dmp

Filesize
1.1MB

Download
memory/1768-11258-0x0000000002430000-0x00000000025B1000-memory.dmp

Filesize
1.5MB

Download
memory/1768-8709-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1916-835-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-825-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-871-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-869-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-867-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-863-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-861-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-859-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-855-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-853-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-851-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-849-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-847-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-845-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-841-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-839-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-837-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-877-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-833-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-831-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-829-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-875-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-823-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-821-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-819-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-817-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-816-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-2553-0x00000000022D0000-0x0000000002451000-memory.dmp

Filesize
1.5MB

Download
memory/1916-8694-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-8708-0x0000000003780000-0x000000000395E000-memory.dmp

Filesize
1.9MB

Download
memory/1916-873-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-8701-0x0000000001D40000-0x0000000001D41000-memory.dmp

Filesize
4KB

Download
memory/1916-8700-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1916-10183-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1916-865-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-17399-0x0000000001D40000-0x0000000001D41000-memory.dmp

Filesize
4KB

Download
memory/1916-857-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-843-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-827-0x0000000002460000-0x0000000002571000-memory.dmp

Filesize
1.1MB

Download
memory/1916-17412-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1916-6-0x0000000076940000-0x0000000076987000-memory.dmp

Filesize
284KB

Download
memory/1916-17407-0x0000000003780000-0x000000000395E000-memory.dmp

Filesize
1.9MB

Download
memory/1916-5-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2128-4-0x00000000024D0000-0x00000000026AE000-memory.dmp

Filesize
1.9MB

Download