5557bc2b4439f7e348cc30dfab22714f051296d8906691256d1280715cb40825

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ddqjh_wqeqd.exe
Size

31KB
MD5

c35a26f177a905feb02adbb2d7db5c00
SHA1

70f5a756fa020fedad901014206f4069cdd024c3
SHA256

362a34664946a5fe654fe5f3286392d88c256962a1a0dc4342dc4fd0db47f299
SHA512

79c62acc778f131ae4ab070c309a4452c2d84b22b06ca499e5bf158a80aff20f0c1fcbb810374f8c1b9b8314aecc52f7818e7a241d354c0675ac2e73e8c233c1
SSDEEP

384:BUthoe0T99FVAL6zpA7AYDhwaEk3i8FnI9Y/QwapWOIl8fKP1AePnYPL4odu:BLe0FFzp4Df5X/QdpWBl8fKP1jwdu

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	ddqjh_wqeqd.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1768	ddqjh_wqeqd.exe
1768	ddqjh_wqeqd.exe

C:\Users\Admin\AppData\Local\Temp\ddqjh_wqeqd.exe
"C:\Users\Admin\AppData\Local\Temp\ddqjh_wqeqd.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1768-3-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download
memory/1768-5-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download