c4753a51cb5c4b58ac104c068162e53340019bd0539d612925b5f239ee4e6363

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QQSweeper.exe
Size

1.3MB
MD5

002b718f5a3e67ae459ed01e0953e25d
SHA1

9696a8585b121c6c641bb859c73cb1fda7fdbaf0
SHA256

c3efde2e9b75114be2ff483801df77f4db90ee57d26dfd633689ba1a41d9a426
SHA512

f86ba5de3b94dffc9d3ca7d75071132e3d7ef52a44ad654f65ed5f71b3ef13b52427b7c495b1dc95cfdecc6e3bda39665a95bd40785421da5834dbfb5524b776
SSDEEP

24576:1WfLP0sx8qlr0V+w1rpy+1q4u6SDKB4Okj/oLEIwdn3ZbgK/cRgOnmq9g6szAe+:+P0sx8yw1Q+3u04Okj/oLTSfcOU7m6h

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	QQSweeper.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
264	QQSweeper.exe
264	QQSweeper.exe
264	QQSweeper.exe

C:\Users\Admin\AppData\Local\Temp\QQSweeper.exe
"C:\Users\Admin\AppData\Local\Temp\QQSweeper.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/264-0-0x0000000000400000-0x00000000006B1000-memory.dmp

Filesize
2.7MB

Download
memory/264-2-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/264-1-0x00000000024E0000-0x0000000002540000-memory.dmp

Filesize
384KB

Download
memory/264-3-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/264-28-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/264-39-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/264-38-0x00000000008C0000-0x00000000008C1000-memory.dmp

Filesize
4KB

Download
memory/264-37-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/264-36-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/264-35-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/264-34-0x0000000003610000-0x0000000003611000-memory.dmp

Filesize
4KB

Download
memory/264-33-0x0000000000880000-0x0000000000881000-memory.dmp

Filesize
4KB

Download
memory/264-32-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/264-31-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/264-30-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/264-29-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/264-27-0x00000000035C0000-0x00000000035C3000-memory.dmp

Filesize
12KB

Download
memory/264-26-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/264-25-0x0000000003660000-0x0000000003662000-memory.dmp

Filesize
8KB

Download
memory/264-24-0x0000000003640000-0x0000000003641000-memory.dmp

Filesize
4KB

Download
memory/264-23-0x0000000003620000-0x0000000003621000-memory.dmp

Filesize
4KB

Download
memory/264-22-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/264-40-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/264-21-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/264-42-0x0000000003680000-0x0000000003681000-memory.dmp

Filesize
4KB

Download
memory/264-41-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/264-20-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/264-19-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/264-18-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/264-17-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/264-16-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/264-15-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/264-14-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/264-13-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/264-12-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/264-11-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/264-10-0x00000000035D0000-0x00000000035D3000-memory.dmp

Filesize
12KB

Download
memory/264-9-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/264-8-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/264-7-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/264-6-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/264-5-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/264-4-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download
memory/264-43-0x0000000000400000-0x00000000006B1000-memory.dmp

Filesize
2.7MB

Download
memory/264-44-0x00000000024E0000-0x0000000002540000-memory.dmp

Filesize
384KB

Download
memory/264-45-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/264-47-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads