Overview

overview

7

Static

static

3

QQLive3.5.exe

windows7-x64

7

QQLive3.5.exe

windows10-2004-x64

7

$PLUGINSDI...ne.dll

windows7-x64

3

$PLUGINSDI...ne.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

ADManage.dll

windows7-x64

3

ADManage.dll

windows10-2004-x64

3

BalloonTip.dll

windows7-x64

1

BalloonTip.dll

windows10-2004-x64

1

COMToolKit.dll

windows7-x64

1

COMToolKit.dll

windows10-2004-x64

1

CacheFile/...ds.htm

windows7-x64

1

CacheFile/...ds.htm

windows10-2004-x64

1

CacheFile/ShowPay.htm

windows7-x64

1

CacheFile/ShowPay.htm

windows10-2004-x64

1

CacheFile/...ex.htm

windows7-x64

1

CacheFile/...ex.htm

windows10-2004-x64

1

ExceptCatch.dll

windows7-x64

3

ExceptCatch.dll

windows10-2004-x64

3

GdiPlus.dll

windows7-x64

3

GdiPlus.dll

windows10-2004-x64

3

LiveAPI.dll

windows7-x64

1

LiveAPI.dll

windows10-2004-x64

1

LiveStream.dll

windows7-x64

1

LiveStream.dll

windows10-2004-x64

MagicFlash.exe

windows7-x64

1

MagicFlash.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    11-03-2024 16:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CacheFile/index_loge_normal/index.htm

  • Size

    521B

  • MD5

    f27c258679f3ab9e5e1eefbaff660851

  • SHA1

    f5a95c049632406631f58dea367e683293cced44

  • SHA256

    a418dd9829ab12231827281998ec859c306b7ea5f4f13bdfa843ea2417731389

  • SHA512

    a79d62783dee77a6b6000f5c3e2b3183564053dc617b7fb5d08876e47f72d1860a7d946c337c4c6d861e5f9ee51bfd9d87ca908033df0ca6186fb7861e8a7dbd

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\CacheFile\index_loge_normal\index.htm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1828

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71d77fac2ef0a5176561013d04b82c62

    SHA1

    8caa32e67282293ddd3c1028b40d77ede849c9a3

    SHA256

    8c73533b2a0fe568cc83e389b5c2b964ec21b5e8af8345f7b76d1b8a30f12e51

    SHA512

    bc5bab596b73ee17b9b0bcbd5bf18d98e74dcda2959c61a57835d06a3b093d66837a0f8d39524999c8bfc68dc534363ba05cd2eb6d2eebc81bc85fb1590e135b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d890427af3a247d33fb75aacf697f247

    SHA1

    7287644e743d125635ec5f74a48bae748d25f316

    SHA256

    cbde81c0192829d2a962bc4175b07464d14008e9d3de7039ab781e02b7ae2a73

    SHA512

    1fae5c0e5b7dc22ecb2f76f9796852f8b87795c8bff24dcb8784fd13cceb52b30837772fd57c1f31d09927a0c4eb56166ff5631dac35e3689c6a7edaa08e9261

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ec2d0494a816e8dd7c5c69a7a98e9c3d

    SHA1

    1d15ae5f78a70a8ca3239ebd9fc2f96769a80cf6

    SHA256

    fe091cc15c24adb575c8bc202bd63457a6bdf257506d0a6afdb768c4da3a6dd1

    SHA512

    f0d61bd1d4a293360f2d5f16be0f278789886dead9bca1d65aa41e6afb0df1694945861bff1fde8e030ac8c7d68d41b48b007635b10e2f70f829533269a7277d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2713.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2B7E.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit