Overview

overview

7

Static

static

3

QQemailss/QQemail.exe

windows7-x64

7

QQemailss/QQemail.exe

windows10-2004-x64

7

QQemailss/...��.htm

windows7-x64

1

QQemailss/...��.htm

windows10-2004-x64

1

QQemailss/...��.url

windows7-x64

1

QQemailss/...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 18:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    QQemailss/QQemail.exe

  • Size

    1.5MB

  • MD5

    bbfbfed065e974c6f8c1a696e54406b6

  • SHA1

    4565447933eb90d014beca8f7747a76d52aa1afa

  • SHA256

    ec80e948f210a3834a8accd4e6f11668a53254ded3e97d7aae4e3f7f800faebb

  • SHA512

    1ad77e9de3db584f58898b7a7cdc78d740d8dcd3083a8b4dfc509d8473ffea07941aa19256a8c2a87e3f38968c93263680e60ce7db9baa8095ba6141a76a59fe

  • SSDEEP

    24576:XLuQmXfVTzSSMXwYi4Cv1JHgi28p3nZpufSJn8kZMx1GfzR4PglY5WQu:rmPcjXwsCNJAi2uyy8WMxqziPglr

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\QQemailss\QQemail.exe
    "C:\Users\Admin\AppData\Local\Temp\QQemailss\QQemail.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2252

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\E_N4\HtmlView.fne
          Filesize

          212KB

          MD5

          4c9e8f81bf741a61915d0d4fc49d595e

          SHA1

          d033008b3a0e5d3fc8876e0423ee5509ecb3897c

          SHA256

          951d725f4a12cd4ff713ca147fa3be08a02367db6731283c3f1ba30445990129

          SHA512

          cf2c6f8f471c8a5aad563bc257035515860689b73ce343599c7713de8bc8338a031a722f366e005bc1907d6fc97b68b8b415e8ff05b7324fb1040c5dc02315d7

          Download Submit

        • \Users\Admin\AppData\Local\Temp\E_N4\iext.fnr
          Filesize

          212KB

          MD5

          d147032073df12d9d35848b573dc552c

          SHA1

          e9823b0f6ea6d316e94bdc9fe2e98a6316ac31c8

          SHA256

          7a27f0354e55162fcf4f90785c839b07ad7645117b4f1d7fdf004169e08a7381

          SHA512

          521c4a92bddc50bd9964388c48c6ff6478477690685a74976a928910bc7029418b24aef894ab54439dec7574fb2c3735898a71b9e2884e7efa1478909483c06c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\E_N4\iext3.fne
          Filesize

          368KB

          MD5

          ed760350798b43e32a7a580680cdbcd1

          SHA1

          a1f7913a326a980416e8ac1404a68b7dfd3869eb

          SHA256

          26e0581fc0fe2f51fb1730917538cee9af587a3e156b0e8dcd050b15dccba863

          SHA512

          a24c11453678a1dd4e6521b3ebbac8b01a00458c329239bd3519e84a97cad4963070d715eeba610392eb793486fdc7bea5d073c084eac4aae6da00073aca7841

          Download Submit

        • \Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr
          Filesize

          1.1MB

          MD5

          3fe72f93ab5f24a0ea2d753013a41c4b

          SHA1

          9206cd206c0b2782a2b1ad1d19ace97bae6e491e

          SHA256

          db32e8ea1d91009ca25b79d7e863a08be56632641a7a145326fbfbf0931b6c79

          SHA512

          24ce75304e6b5508d9bbf425a68b1907bc51f30c168dd3b800f34e1f7fc1aee044818848d1fde40e7556af5f16f94ea02d19344bd9ffda1a6d011a624d6f46e9

          Download Submit

        • \Users\Admin\AppData\Local\Temp\E_N4\xplib.fne
          Filesize

          48KB

          MD5

          37a58e1c5ce48e401ee8dd1d1da54814

          SHA1

          a87d00d78838c2d968b72330ee6f21f69b2caae5

          SHA256

          1c426928fb90bedb31fcffa0f3fbe7bdbca4259f93f5abdefed6a9a089f2982c

          SHA512

          e85052fc305040bdcaf47262e0ce6eef0848b319baac72a076dc94e7d20ea7ad8fbdd7d5381606a3154ab84fe81429bb339123ac1cd94551b1dc9cecfb7a08bf

          Download Submit

        • memory/2252-31-0x00000000008B0000-0x00000000008B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-43-0x00000000031C0000-0x00000000031C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-13-0x00000000002B0000-0x00000000002B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-11-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-7-0x00000000002C0000-0x00000000002C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-16-0x0000000000340000-0x0000000000341000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-19-0x0000000003180000-0x0000000003181000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-21-0x0000000000390000-0x0000000000391000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-20-0x00000000003B0000-0x00000000003B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-22-0x0000000000620000-0x0000000000621000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-23-0x0000000000370000-0x0000000000371000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-24-0x0000000000360000-0x0000000000361000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-25-0x0000000000610000-0x0000000000611000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-28-0x0000000000630000-0x0000000000631000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-15-0x0000000003190000-0x0000000003191000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-26-0x0000000000600000-0x0000000000601000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-30-0x0000000000380000-0x0000000000381000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-0-0x0000000000400000-0x000000000046C000-memory.dmp

          Filesize

          432KB

          Download

        • memory/2252-32-0x0000000000890000-0x0000000000891000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-33-0x0000000000870000-0x0000000000871000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-44-0x00000000031B0000-0x00000000031B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-14-0x00000000002A0000-0x00000000002A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-42-0x0000000000230000-0x0000000000231000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-45-0x00000000031A0000-0x00000000031A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-41-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-40-0x00000000031E0000-0x00000000031E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-39-0x0000000000350000-0x0000000000360000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2252-38-0x0000000003170000-0x0000000003174000-memory.dmp

          Filesize

          16KB

          Download

        • memory/2252-37-0x00000000031D0000-0x00000000031D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-36-0x00000000008C0000-0x00000000008C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-35-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-34-0x0000000000650000-0x0000000000651000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-9-0x0000000000250000-0x0000000000251000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-47-0x0000000003410000-0x0000000003453000-memory.dmp

          Filesize

          268KB

          Download

        • memory/2252-3-0x0000000000270000-0x0000000000271000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-51-0x00000000035E0000-0x000000000364C000-memory.dmp

          Filesize

          432KB

          Download

        • memory/2252-2-0x0000000000290000-0x0000000000291000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2252-55-0x00000000039B0000-0x00000000039E8000-memory.dmp

          Filesize

          224KB

          Download

        • memory/2252-1-0x00000000002E0000-0x0000000000334000-memory.dmp

          Filesize

          336KB

          Download

        • memory/2252-59-0x0000000003660000-0x000000000366D000-memory.dmp

          Filesize

          52KB

          Download

        • memory/2252-70-0x0000000000400000-0x000000000046C000-memory.dmp

          Filesize

          432KB

          Download

        • memory/2252-72-0x00000000002E0000-0x0000000000334000-memory.dmp

          Filesize

          336KB

          Download