Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

QQPCDownlo...60.exe

windows7-x64

6

QQPCDownlo...60.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    141s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2024, 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QQPCDownload310060.exe

  • Size

    1.9MB

  • MD5

    4b82a52bbcac9ac5012b81df7be7f78e

  • SHA1

    14077ae69cdcd9a175bcd957aaaa608f0d647244

  • SHA256

    3e7c8926e442f4b39c75df7319a2885c1495bef85cca82e7d1572dbcec1a00f4

  • SHA512

    254e694837f3240a6474c9b7cc80ae5627a880ec920a0212af5a7e32384bad03502048593d3391c906d26383bc2a1380046d496589736dce32c52b7dcd781e5f

  • SSDEEP

    24576:evpH41Cl36RgrO/+NiLrJ9M9xwvV2ExxF54TOh/JAu52v54QY0GFyY6sJLfQOmf9:MmCiLnwUDN88/euMvUnkY6sRfVmdQE

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\QQPCDownload310060.exe
    "C:\Users\Admin\AppData\Local\Temp\QQPCDownload310060.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1492
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3916 --field-trial-handle=2236,i,5367110156796017614,12594004256180761011,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3768

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Tencent\DeskUpdate\Guid.db
      Filesize

      1KB

      MD5

      86e9a12b4419a7aa9d38502f72667add

      SHA1

      3ccfa9dad0271bc8293edb5202b4b1de58b0d8d4

      SHA256

      304a9be4a4d35aad1570220c69e1fe84d74d1e94647c49a18c5e8c54bd508ce2

      SHA512

      ab24ed4dc4d33162810c2e942919592091194cc5929a2a48d584ff26f85d0cf32429eb89ee9cfa903237f11d9b9d85ae92b4c23990c9e0938395eebad03daf3e

      Download Submit

    • C:\ProgramData\Tencent\DeskUpdate\GuidInfo.db
      Filesize

      320B

      MD5

      e27f6d6b4ccd0562fae14f7a30dca5e0

      SHA1

      c7a9ff8da8f2c410ef3e81d991cc46ace03b6e53

      SHA256

      1803222c7138d365727a603aab26639d6e82392884dfa6677384d99a0a624d62

      SHA512

      8ed24a6763d175663e59d7644531dade582f88acd83dbf9a378e18a4142aaf7e764cea64cabb244f36e926f3a4c2ff795ed98e332b752cd613fedaf7c6bb53e7

      Download Submit

    • C:\ProgramData\Tencent\DeskUpdate\GuidList.db
      Filesize

      221B

      MD5

      1fed81ca890712953c8ec1ded87a7595

      SHA1

      772a7df55cbdf04c9712b93b1abf0de71c6cb4fe

      SHA256

      4c54a0df20d06f2bce61c356b3db406036c2e997dc720d23e2abf3d872c13e3a

      SHA512

      aeb7c3507dfb29be581972fbafb9f80b9e73712001499557351655a42cf8fe5c0b300928e6e45dec8ef8b87262b5708694648b95fb29599a17ca7b04b934dd2d

      Download Submit

    • C:\ProgramData\Tencent\DeskUpdate\GuidReport.dat
      Filesize

      769B

      MD5

      5fa994caa27eb5d0baef9e63a895f843

      SHA1

      8151c6a6fc9ed82b4fee4f8d0153ad6ffc14fc52

      SHA256

      a890573f226151143c340f7fa20b9c1e030ec87f3bc47995d9eff83c8d299aa6

      SHA512

      4bc5efdf2911c1992aed684008372cc0dee70fedcee27450ac6ced1ea90bc942d016f365af6967d4825ac12d0c725ffaca43a8ab171bad0ee1799cd002092190

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TencentDownload\~e585186\QQPCDownload.dll
      Filesize

      1.7MB

      MD5

      f303c7c2408824e57a77b41418e35b5b

      SHA1

      aabc7c4b203fb94124ecd9b7e8ba81d4da722e1b

      SHA256

      74003c486081965e76fd00ca6b9265b04b8fe65f826e2b72e6717503f487aa81

      SHA512

      6e4ebee21d7944700385f075afd2b76dbdf590b00faf9c0041aff0b1c9c0b8663e5c79c44658a23aefa13ad234077b9e39f50e9f261a901a816cc668c363b28c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TencentDownload\~e585186\beacon_sdk.dll
      Filesize

      1.3MB

      MD5

      67303cedd0654a075c13ef8b5135e28d

      SHA1

      d8fb6924b9d2a4d0a8075a8a3b63acd5346521fd

      SHA256

      1d5b0382c797b662ab49a2c88b9184bc45d8c18cc1c0a68377f1cb5989efe277

      SHA512

      b644b810c35e1e01be423418707758c9c851b04d7e3408f44482d67dfc2d36ef26802dbdd07d990c40ac705b2aa516ac1c792ab0e5ae6d54713b51874a0dffad

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db
      Filesize

      190B

      MD5

      7cce4969607fae3a281342a666fff481

      SHA1

      114c7902de7ed7a14aea01d50408760b87c193a6

      SHA256

      59a22d18b08fbed5b2ef44512fa385fe7b764dd7f5f8b71e9e723c5b173150f1

      SHA512

      e69ab8db83c002b6b551245ceef685769f0575b93f7d29150b6ca401d1160bcba3a31eac5cbe95a43db38eb64ea2f871fe9fe35ead78deb812d23b6e1080a0db

      Download Submit