Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/03/2024, 10:21

General

  • Target
    QQPCDownload1600.exe
  • Size
    2.1MB
  • MD5
    99c06b6a63a5aa0bd87e45177f168b66
  • SHA1
    b5d2ed611560a4b011269d82f19a6ce7bddd70fb
  • SHA256
    66267b30f43c6611c112b686dd04391ee18a2ede756abfd77deffe9f5f959a4a
  • SHA512
    1f8f82d5f13a4a515ca9185fa4a4bb516091477024a756b62c02be17007437d1f34471ceb7026f6d1f84d6d7f3d27534b46a72a263175a63ddaa562b5ec57716
  • SSDEEP
    49152:1mlSfemiOhG930nd63n2PV5KTB8NifZwmtP:1Xfe464cGAff/tP

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Loads dropped DLL 1 IoCs
  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\QQPCDownload1600.exe
    "C:\Users\Admin\AppData\Local\Temp\QQPCDownload1600.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Windows\SysWOW64\systeminfo.exe
      systeminfo
      2⤵
      • Gathers system information
      PID:2836

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Tencent\DeskUpdate\Guid.db
    Filesize: 1KB
    MD5: cf1772b5477a02dac937eae6b91aaba8
    SHA1: 4198994b4198b8362a4cca01fa1827d5432f7c6b
    SHA256: 7dce58cc73711d5dbaffa366141506ed11819a34c1b1214dc3045e64ce457e2d
    SHA512: 21ac9a04d89461db423f74d8d5d10d22843dd216b0bf7133195540dda9d2de5e707dc6c542c4cc39f51311781b04b550b0365a76ca28c17a91a9d87804bcf95a

  • C:\ProgramData\Tencent\DeskUpdate\GuidInfo.db
    Filesize: 240B
    MD5: 5e837245503763ea07dbe782319304f4
    SHA1: 79dd15ecc928ad365828c69325a8591dd17b5793
    SHA256: 380f4712865766491f4b1a73ae9d926f92e71b719b5a02d368692d15b6b84175
    SHA512: 16847220120b6d8879a3f9e993d00660edb31a6515bd10ad8e82b5ae47ab2a0a94b4a5d8ce3b276eb639006ab888f0298af64692423b2dcb6c26dac8b808f897

  • C:\ProgramData\Tencent\DeskUpdate\GuidReport.dat
    Filesize: 767B
    MD5: e1337eb2b64da45d90331b6e8551dda5
    SHA1: a000791d8a7f68335686fa6e098461f83536fff0
    SHA256: d4926a2766ba67c1569b74021b6bf41faffab88db9462a777890ef9b275e4134
    SHA512: 2a6df42f8b1d55cc6524b917c0d287a7df74f5f221c1f28082e7036e167009f92df513296353dbb8a473b3694d8ebe606da65cc2c59103651102bc4c95984b76

  • \Users\Admin\AppData\Local\Temp\TencentDownload\~f76162f\QQPCDownload.dll
    Filesize: 2.4MB
    MD5: 80f3454bb142583041bc67909d377c76
    SHA1: 75f849f4bc5d0d3070484633b919c04a875947e8
    SHA256: 540c07205d955cf4483aad98aee367757b71069cb95b80ac609b8cc7c0738bc6
    SHA512: 387ad650b81c4886337db187b6346c95b8f0febe0a76e24ca1726f78e870da21cbbf42194d14a8a50b3123aae681859fbbd9d1838e1a1727e27822f72d76e91a

  • memory/2792-5-0x0000000001DA0000-0x0000000001DA1000-memory.dmp
    Filesize: 4KB