dca4af7c9865626137209e77c34643777c93f59b73669a6cd888b46c0bd4a6a3

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QQQCWJL.exe
Size

1.9MB
MD5

ee135ee0dadbd7d264fc83e826a96eb0
SHA1

a811a2821afdaea2831b386e19bca62aac9d6207
SHA256

13f13241fe1a0546e09260cc5d13c4790b22bd0b9953f86d7c59c68f3fc4f859
SHA512

2fce041f981b8d67956ea0be74a02c8c9517ddcee79fa6ecf0d11d8896abc60a12ddf8ea03ae3008b0ddc66f9d4341ce6629de9b163dc0dd83d316e974d4b29b
SSDEEP

49152:q/74q/Fmz72Q1Vs47K2OJVmVeeA2ZIqnCZkR:rKFmzyQQe+D28

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2900	QQQCWJL.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2900	QQQCWJL.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2900	QQQCWJL.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2900	QQQCWJL.exe
2900	QQQCWJL.exe
2900	QQQCWJL.exe
2900	QQQCWJL.exe
2900	QQQCWJL.exe
2900	QQQCWJL.exe

C:\Users\Admin\AppData\Local\Temp\QQQCWJL.exe
"C:\Users\Admin\AppData\Local\Temp\QQQCWJL.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2900-0-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-3-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-2-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-9-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-7-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-12-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-15-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-17-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-19-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-22-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-24-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-26-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-29-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-31-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-33-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-35-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-39-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-37-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-41-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-43-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-46-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-50-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-48-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-53-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/2900-54-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download