Analysis

  • max time kernel
    121s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-03-2024 10:21

General

  • Target

    QQPCDownload1600.exe

  • Size

    2.1MB

  • MD5

    99c06b6a63a5aa0bd87e45177f168b66

  • SHA1

    b5d2ed611560a4b011269d82f19a6ce7bddd70fb

  • SHA256

    66267b30f43c6611c112b686dd04391ee18a2ede756abfd77deffe9f5f959a4a

  • SHA512

    1f8f82d5f13a4a515ca9185fa4a4bb516091477024a756b62c02be17007437d1f34471ceb7026f6d1f84d6d7f3d27534b46a72a263175a63ddaa562b5ec57716

  • SSDEEP

    49152:1mlSfemiOhG930nd63n2PV5KTB8NifZwmtP:1Xfe464cGAff/tP

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits overwrite the MBR so that their code runs before the operating system's boot loader, giving them persistence below the OS and outside the reach of in-OS security controls. The sandbox heuristic only records that sector 0 of the system disk was written; it does not by itself show what was written, and legitimate installers and disk utilities can also touch that sector.

  • Loads dropped DLL (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (16 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
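A practitioner confirms an MBR-write hit by comparing the first sector before and after detonation rather than trusting the heuristic, especially on a 6/10 sample with a vendor updater name. The script below is an added example, not code from the sandbox or from Tencent. It assumes you have a 512-byte baseline snapshot of the disk taken before the sample ran (from a raw device such as \\.\PhysicalDrive0, which needs administrator rights on Windows, or from a disk image) and a second snapshot taken afterwards; the MBR layout constants are the standard ones, while the boot-code byte strings and the partition entry are constructed test data. The classification rule is that a bootkit-style patch replaces the 440-byte bootstrap code but leaves the partition table intact so the machine still boots, whereas a partitioning tool or wiper changes the table.

```python
"""Classify a change to the Master Boot Record from two 512-byte snapshots.

Added example (not part of the sandbox report). A bootkit typically rewrites
the bootstrap code while keeping the partition table so the system still boots.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: x86 bootstrap code
DISK_SIG_OFF = 440       # bytes 440..443: Windows disk signature
PART_TABLE_OFF = 446     # bytes 446..509: four 16-byte partition entries
BOOT_SIG_OFF = 510       # bytes 510..511: 0x55 0xAA boot signature (0xAA55 little-endian)


def read_mbr(path):
    """Read sector 0 from a raw device (e.g. \\\\.\\PhysicalDrive0, admin only) or a disk image."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Split a 512-byte sector into its MBR fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, lba_count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0 means an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "lba_count": lba_count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "partition_table_raw": sector[PART_TABLE_OFF:BOOT_SIG_OFF],
        "boot_signature_ok": struct.unpack_from("<H", sector, BOOT_SIG_OFF)[0] == 0xAA55,
    }


def compare_mbr(baseline, current):
    """Return which MBR regions differ and a verdict on what kind of change it is."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    result = {
        "boot_code_changed": b["boot_code_sha256"] != c["boot_code_sha256"],
        "partition_table_changed": b["partition_table_raw"] != c["partition_table_raw"],
        "disk_signature_changed": b["disk_signature"] != c["disk_signature"],
        "boot_signature_ok": c["boot_signsignature_ok"] if False else c["boot_signature_ok"],
    }
    if not result["boot_signature_ok"]:
        result["verdict"] = "corrupt"                   # disk will not boot from this sector
    elif result["partition_table_changed"]:
        result["verdict"] = "partition table rewritten"  # repartitioning tool or wiper
    elif result["boot_code_changed"]:
        result["verdict"] = "bootkit-style patch"        # code swapped, table preserved
    elif result["disk_signature_changed"]:
        result["verdict"] = "disk signature rewritten"   # benign tools do this too
    else:
        result["verdict"] = "unchanged"
    return result


def build_mbr(boot_code, disk_sig=0x1A2B3C4D, partitions=()):
    """Assemble a 512-byte MBR from parts (used here only for constructed test data)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, start, count)
                     for bootable, ptype, start, count in partitions).ljust(64, b"\x00")
    return code + struct.pack("<I", disk_sig) + b"\x00\x00" + table + b"\x55\xaa"


# Constructed sample data: stand-ins for stock boot code and for a patched loader.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"
PATCHED_BOOT_CODE = b"\xeb\x3c\x90BOOTKIT"
ONE_NTFS_PARTITION = [(True, 0x07, 2048, 1024000)]

BASELINE_MBR = build_mbr(CLEAN_BOOT_CODE, partitions=ONE_NTFS_PARTITION)
PATCHED_MBR = build_mbr(PATCHED_BOOT_CODE, partitions=ONE_NTFS_PARTITION)

if __name__ == "__main__":
    # In a real run: compare_mbr(read_mbr("baseline.bin"), read_mbr(r"\\.\PhysicalDrive0"))
    print(compare_mbr(BASELINE_MBR, PATCHED_MBR)["verdict"])
</test_placeholder_never_emitted>
```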

Processes

  • C:\Users\Admin\AppData\Local\Temp\QQPCDownload1600.exe
    "C:\Users\Admin\AppData\Local\Temp\QQPCDownload1600.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Tencent\DeskUpdate\Guid.db

    Filesize

    1KB

    MD5

    8d896a9acb4a24d1985254150253b075

    SHA1

    08f9640f2ad9ee3a3d0e590efe323ad53c7847b3

    SHA256

    0c0fa3456e9defc86f1f6157e0c56caed2fb56a7af067a99d324c4663abf5c5b

    SHA512

    0a15b849ffc55abddb6a3d5a5bba4b56504994f9d1af81484c71fddf9801ee59fcfc382b8a71713398ee0c88b337e988f01054249c5bd12ca28abd4ce59725a5

  • C:\ProgramData\Tencent\DeskUpdate\GuidInfo.db

    Filesize

    320B

    MD5

    3f8770a1f1d6fe1ababdbae4d611b731

    SHA1

    279832814c7858c76a83ce87d9a3f304ae590da9

    SHA256

    64248244a0f3713342ece8eceff4c5901070cbf0662f04ea40a79d9e30d09980

    SHA512

    8179aabf035f30ef2a148e2ca3b03c053da511b7790fab52a4052f150e6b3ba1fd56cfd7388093a287d8f79ee0d18a9639b4b6b4c1f8969f6c8151fbd94ff0a2

  • C:\ProgramData\Tencent\DeskUpdate\GuidList.db

    Filesize

    221B

    MD5

    3eb075d9bc7f0e58859b0a52ddc78414

    SHA1

    74f78dec84cb6fe0471c1dc87b44095532f31147

    SHA256

    ce2c88dc6a220ab367b184e411a617747535aecd614042dfd53828ebcde7a0b0

    SHA512

    ffb812fac0e63c6f850ce41af7d283c62cfe1a5a61514f5e1e3c5e7fea8ced216865b8179d0a4888e1fbcc297df22ba6a83bf3a80de45a102d9a166bdb7d38dd

  • C:\Users\Admin\AppData\Local\Temp\TencentDownload\~e57c12d\QQPCDownload.dll

    Filesize

    2.4MB

    MD5

    80f3454bb142583041bc67909d377c76

    SHA1

    75f849f4bc5d0d3070484633b919c04a875947e8

    SHA256

    540c07205d955cf4483aad98aee367757b71069cb95b80ac609b8cc7c0738bc6

    SHA512

    387ad650b81c4886337db187b6346c95b8f0febe0a76e24ca1726f78e870da21cbbf42194d14a8a50b3123aae681859fbbd9d1838e1a1727e27822f72d76e91a

  • C:\Users\Admin\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db

    Filesize

    190B

    MD5

    83fe10e4ccc672eacaa3c94e7a502cbd

    SHA1

    74c7b503e48ae1d7aa94a62363c79269aa8a27c1

    SHA256

    5b7cbeb242e0a5e83e01438e8492dc2d3377a4dde1819be3b3d9752a18011114

    SHA512

    f0935d54c6d02363222218effd299c067c496b8a76e80ae85f48b808718b77dc54a2a7273bfa8a96fa0838877f41b4efca9ba7759d6089545b78362f87b4ab63