Overview

overview

10

Static

static

7

About.chm

windows7-x64

1

About.chm

windows10-2004-x64

10

Setup_s34.exe

windows7-x64

7

Setup_s34.exe

windows10-2004-x64

10

baid.exe

windows7-x64

7

baid.exe

windows10-2004-x64

10

bind_8152.exe

windows7-x64

7

bind_8152.exe

windows10-2004-x64

10

duisc.exe

windows7-x64

8

duisc.exe

windows10-2004-x64

10

edmtd.exe

windows7-x64

7

edmtd.exe

windows10-2004-x64

10

itadx.exe

windows7-x64

7

itadx.exe

windows10-2004-x64

10

ly2_03.exe

windows7-x64

10

ly2_03.exe

windows10-2004-x64

10

pcast.exe

windows7-x64

10

pcast.exe

windows10-2004-x64

10

pingtu12.exe

windows7-x64

1

pingtu12.exe

windows10-2004-x64

10

qqa02_u88setup.exe

windows7-x64

8

qqa02_u88setup.exe

windows10-2004-x64

10

sdcnc.exe

windows7-x64

8

sdcnc.exe

windows10-2004-x64

10

sdpig.exe

windows7-x64

7

sdpig.exe

windows10-2004-x64

10

sdreg.exe

windows7-x64

1

sdreg.exe

windows10-2004-x64

10

sdset.exe

windows7-x64

10

sdset.exe

windows10-2004-x64

10

sogoutb_se...ni.exe

windows7-x64

7

sogoutb_se...ni.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    qqa02_u88setup.exe

  • Size

    52KB

  • MD5

    12c1ff63ec91a8171528a56d4d4c2b8a

  • SHA1

    9001f9552a7fede019c2c442e1db7f6e8646bc95

  • SHA256

    684e89322a208eac8469d6c2bc6d359dcd9d3f9ce256f336fe5bfbdb944bb2c4

  • SHA512

    ab3a0e108a1ca87b8c1e629c7f6a8c415b98e8fe5f6a64d7a32d95b524b04e016ae850efe4715e063a047abd347925ef0e9c63c746ccbd151107131e0fbc5633

  • SSDEEP

    768:qBzvOHcki1zN3Vl5g/zg70md3fAvTcNvQ+cAnviOPaWyRI5VvCzfaXhWIQsNi:6vpkivUxmd3fuXu5yWyW5RBXb

Score
8/10
persistence

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 17 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\qqa02_u88setup.exe
    "C:\Users\Admin\AppData\Local\Temp\qqa02_u88setup.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Program Files\Internet Explorer\lib\U88.exe
      "C:\Program Files\Internet Explorer\lib\U88.exe"
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Windows directory
      PID:2720
    • C:\Windows\SysWOW64\explorer.exe
      explorer http://down.u88.cn/qqa02/u88newqqa02.asp
      2⤵
        PID:2988
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://down.u88.cn/qqa02/u88newqqa02.asp
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2672
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2576

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6f9e33b3cc7a35855ad8c9c81235aac1

      SHA1

      8e257fe1c4303138e032a89274797812dd79b9d3

      SHA256

      c4da08bba7635fd7be5b701d0a23fb88a0be1e763745e1ef31f1eb4efeb79676

      SHA512

      42f8bcbffbc58630488fd400c483efd2d9134e43538cea543e38afe66ab31e0d01b2e0618608b46ec57fb548edc5ee4abb990447e4746ac450d06648e50764db

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d03b5cb45b3c88a0cd89b700d10ddfcc

      SHA1

      4213bbd6509479afbad6b4dc5e60524e5a3cdd30

      SHA256

      ddd8392a45915903a64ac295ac6a39e18ff96c752d4aa381b2d62afb75843ae6

      SHA512

      36c4c272018b878217a792e90648b1b70fb0d8a4536aae2c795157effba525bba8aff3dc1eb0655c1158e6561f8eae3f80a2187ace156abdcaf020b72fc6371f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fbe9ab09a4372e491c639d31e69aacca

      SHA1

      8197f8fb51d223534534dba88571e76c071d92cf

      SHA256

      d75f18411424901bf7e245ddfd55c6b0309d2349269d4ea01c2257d1d25cf886

      SHA512

      c2eac948fe7256be7723812668dfe1e8ddd59f67364289593150f8946a2e1b591028bdc650aa32e3149ef18b5998bab585f9b81f62e39cabbe81649c866bf47d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7361a9e6bff7e408fb7d65eb63795148

      SHA1

      ca78bf550fd1cd730e37b7ac9660191fa052fc9d

      SHA256

      6e3e97de9c438806c5d33166f17981645bb49978dfecb14bb24bf0f7c514e515

      SHA512

      92e419bc96f34d5b9d5800ddd07b31fc9a5a0c35cc8af0e3a57c47e4df24ee1b0fc965ff2aeb22172668a2d59c91dfc1f38c6aa9024ad6264cf1963370af6ae1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e8a6643202b57f9ca654c391f82be1af

      SHA1

      25732304a1ad543bdd2f23c74791068bcb48c0a5

      SHA256

      6c9a1517cde9e491dc3acc204f23016a5d56d875b9d28dd0a29ed7392a6a9b86

      SHA512

      bd88a0d925167cfad1c259e3690b22c8fa436ffe0a3d100235445692a1a081050e0a553cb988654ead0ee223adbf0e30c1eada6bf3c976c4e7552247c1ec8d16

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3076b60a66e13993be5f29392217a3bc

      SHA1

      9b11a26ced3c310d6edda9570c269be21a0f5c5c

      SHA256

      0c8f8a9b378b36dea823eadc4e1b73c2bf2884f8f21347c35c0b78b5674d0e3f

      SHA512

      7404a0a791720963d41d49797adc35c419fd25764bc630af264423beffcccaebdeb7064780e252b44632f8a9a0c2871e1ddd4c74ef8004b55482dbb73c52a1fd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a960d4bb6bb9e5a627538b15fb2ef898

      SHA1

      e009d673a6c540b9404d92a0922775cf8968ba67

      SHA256

      68c861ed6e09f065e98c094616b0a34cb608b542f9ecd474736c45836eb4aa01

      SHA512

      dd1dd24a53e7e77f89be2fce31f47e5ce23f26af6efd9dc719d1ac54248f42db94be351ce5d51ca233f7f3c0345f2b97b404f87bcc9a8f09f6d78cfcd8f51217

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f00c08b4054e4af050f09a2bfc4ac805

      SHA1

      89947436cc2ef2cf97afeff836a824dd72583ccb

      SHA256

      62b2e9f2e1afe3c9847e944bd890f3879b9a75658c858adb1b300ddef8cbf301

      SHA512

      7bdff09b30b34f9a4576a9562d04ab496bf28ef6345c34c0872ce0fce40476f00c47fa168071f0746d85a9ac3b0c183ac63c92c6348a1a5e20372933c67354b8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b3e3ca43ae48dcccd1f138be4747fffb

      SHA1

      9f5ef80a6d2be81c8492a6669e7bda718920e449

      SHA256

      9d2c14b25ac2654629b6f5c574625171dec67682f02da24841d978d223295b46

      SHA512

      64f7c9fdf9b4849eb7bc83856398a53d779dce145912b7eb9cd644773dbaf80332e81ff7c808fc0231b39f6cf9bcc07df10007b387afed419d4bc796cfa5c5f5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0165479aa66fea6b20267d47a679cec7

      SHA1

      eba02fadd2155afbaf6da2393abbea2d892f2a19

      SHA256

      cfb0e003fe2ba80a86fba842ddf181a8f4914ab2e47d3ce80e6d40f767a1e8b5

      SHA512

      50ae71cc295a89512d608abfa8add77169f131ee36ee1fb0393e1b8d7f0dd0113fd351901091d84d25da7f81a2fd296fc8ba7a4aaad038e91666d2ce0ec9775f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ba94322a6a46c39139321256dbd1bf27

      SHA1

      9e58f290ac218fc20eea30da7e2a497e146f460c

      SHA256

      ea0a5d63615847772f0ca3fa90086a590c69fdb9288b03b392b8cb319af9d31c

      SHA512

      9ac253c6e1697146235887a7b0dcf43c067044a2c01fee365f00792d38c73643413504977f9cf24531b2e79d6c23c471d358784195f28432d00b85b5121f462a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1c507050883c6ae0d8d71d676c1862af

      SHA1

      f142ddccd39e22fc8bc9d60bec342fb814e0258c

      SHA256

      fac1ad9f17e613059a5b4854ea2c3b51c8804ffdfee8e6e3581325fc8c36fe98

      SHA512

      6445bf528435fbce220227301b036dd07765db3ca8352c9c9a23e7ae60118f163c5fffb1a3144822c3a6ddaf2c0e37d66e9c7a2085b758f3fb62ec3ff5923b3a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3af4cc4f6e4d132d3f3401908076b8e0

      SHA1

      6461cc4935ed2db36dca6af81e9c005221518576

      SHA256

      56a9f4ba15a2c37e35e32801612b0926f97728a38bd594c2aaf78b91fe9ab5e1

      SHA512

      04e08415ab551df9fba5b3e7728f3b7501afa26a545d03fa9867e4bac3d1e9f3b8a8d3890ce8305377e2a15011a4231a85dc17b5dd6251a0cb8ff4cd07771f33

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4e6c6c3c7147c73ab1bfdc7ad34d8ecf

      SHA1

      d2e418aae465eda48414cb585dd0182228f5b236

      SHA256

      c674e6442eb976b02c08a24f5b6c3d034e095722fd6d2f5296ca24d6545507f4

      SHA512

      f4a42c343a3acc4efe9e9a1a76f278c4aaa7b923e00cfc529713ad4c4d4c11048f06bd0d5731c9802af0cefaa335695c1599548feb9d7cadfac2d807fea7e424

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2364503557045b9ce5715ba4802d0b53

      SHA1

      d97ff5fb143422fa5d3e02950d499f24beb97edd

      SHA256

      8f355c5c4e74306e4b910b57f7d82334a4bf0a45dea8b58b5f541cdfd734d25d

      SHA512

      a2929f840535bdddd595a77803d9eda9c550fd18b31fea7da07afa70ca8f69e2cb6ba7b68cdae933ea79e08b4819ef9909e929cd4f62088cd4d0bc974be8affc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a653b3e5293b3cd17aa814dccaac5fde

      SHA1

      b391efe1f52287c9d4a3820328a8b81b58bba4c7

      SHA256

      f8cfaa619b5d50caf8761e4622bd9a4f45fc394da3f4e3f3a2f7924769eb0ce8

      SHA512

      89ec6d0bc5ce48f81c4208e22866f18f5d6af3ab53546daa320251a3a49bad4027f24c7f4250e2d303cbe2eb72e33ee1759def708a8d2e4548ae64c0238c7c2c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0ae1edfcd8dd0ad26cc6b09088fb5481

      SHA1

      b646401844421c1a457ee1d57d861e22a3e3dbbf

      SHA256

      94898339b131e3fbe5e5c59fa60fa8e238bfde8ddbf7bcb15fa501205584c048

      SHA512

      77f76e35de951d9d64ac6c9889be42b920dd1a38ca24d65a901fb326d2668c3ee002215d82636ca7e5f63169fe92a6e00f13800bd97519d59fb7dbc339f5bd35

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d3de97859b606fcc05fd19e64191bf23

      SHA1

      3875d6c734f52e53b928160c28a5685a5ed893a7

      SHA256

      ef241ab505f16d3540183ee203457b21dea2e196a6826030ddf28fa4dd17d6a6

      SHA512

      e79814ca7a4ed2d756f94c52451adbce6d0212f11e39c43387b33bc22c9b35d913f68192dd58483a7ecb1e64377bea2d1bd66e25a84d9630614f3d870f8282a7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9a1d296362fef2a259329b56399ec84d

      SHA1

      a0d6a5542c64676189ffd681442c9f507049b5d0

      SHA256

      fc1576b42fb9337012eb794418b1d85ef2756965f1c2c4291d98c315eda5001c

      SHA512

      0031f82b692e44a0af75437fb63fd64265ba067e3f6bfa9a35811cd809935691ab4c3e1b035973ed2079611db754c76eec48b515b06ef053fddfe706639cff69

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabBC11.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarBCD0.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • \Program Files\Internet Explorer\lib\u88.exe
      Filesize

      44KB

      MD5

      c9246c85265ce6e0dd271aaa77d82a50

      SHA1

      bbc1231c67b80dee1d786beebee2bc9c021b6653

      SHA256

      87b20beb01bb6df45f85c23c53b13d92e2db00a8867dbeab1bc410420f3eaf1d

      SHA512

      bd63cbfce8302f4c376831c28c0b6cbc9e15bde54cd0cedfe2590afb55d8662d3d9d406101b77cd56e7f5f615b9d4d07da0f8af82f3758eaa00bb69c265a40cb

      Download Submit