Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

QQ手动�...��.exe

windows7-x64

7

QQ手动�...��.exe

windows10-2004-x64

7

QQ手动�...��.url

windows7-x64

1

QQ手动�...��.url

windows10-2004-x64

1

QQ手动�...k.html

windows7-x64

1

QQ手动�...k.html

windows10-2004-x64

1

QQ手动�...v.html

windows7-x64

1

QQ手动�...v.html

windows10-2004-x64

1

QQ手动�...��.url

windows7-x64

1

QQ手动�...��.url

windows10-2004-x64

1

QQ手动�...��.url

windows7-x64

1

QQ手动�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 13:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QQ手动精灵 V1.8/QQ手动精灵.exe

  • Size

    752KB

  • MD5

    15dd2c36ef332735dbd9f492c0e6f059

  • SHA1

    3f777d644e4625927a5d6dadd352a9c3ab168ccf

  • SHA256

    9e02d86d3b1dea63d025d6a1a821bd0c6694a970ad70c78ef4344eae7d60b31b

  • SHA512

    8a50c544a4c4f97b92e631a833d5d96acc30d840c864f0063cfddd80f083046ebf7c72e0a1b9640b429b1d0478fc5aedeee382e0b7516897dc45ef2515abe934

  • SSDEEP

    12288:ZCy914Ho49iYRRAOUHEWHutBKOTX2c4dQNArqNyO/oQIJhcgdLqqXlKWpgTV9ZB:ZCk+H79B3k7HutB/T+qZEbTJbgevI9

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\QQ手动精灵 V1.8\QQ手动精灵.exe
    "C:\Users\Admin\AppData\Local\Temp\QQ手动精灵 V1.8\QQ手动精灵.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ii23.cn/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df0fe855e8ba322bd20c8e43c6993736

    SHA1

    4dd16b1a33daa0be94247c58053c3b7654142992

    SHA256

    259e61a98b221473845bf35a260bbfe6cbb9aeeed14ad6d260e5381cf443a154

    SHA512

    225ac510abbc2ff53fbca940b8074818bae19d573f472d6c7d342598a2b58327c110615b746581473bc8e22609e63ff6819192a92ee4889505e9824665348b99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    221c2bc70d8ea9389e7fb77ba9454bde

    SHA1

    e1aa8e9ed2b09ee2203d7892ba4b8918b9db0646

    SHA256

    2d981beda34812562222d6029a0679466d308f18833f65ac3a29830ba5b94f95

    SHA512

    40bd59560b60f00f8f8ebdec8c1b579ac0816bdbcf083fb6f47864400a4853bfdf802495411c45b092ffd7bc16604ca257d2b9e1a525255b7fc912bc075f13f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ea6020e094e7c1a9b85a7835b146542a

    SHA1

    b39cc3ca25d2f51f83db76186742826c91ee746b

    SHA256

    73f55e24721973c81e7c58ef705afd644572cbf0abe06ec86adfa67444c94e2c

    SHA512

    094d2e2996ad05e4fd90cdcae648516f32233f58da3872a3ad9bf1bcc2bbfcdaa2faa2e04e2f347662a6cf12ff5d3a2c48601f6fe3874fedb4c1d28024f2b4c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    beb75e8b8eba7fc7a6addb6f1fcf0190

    SHA1

    de5413dfeeb12713966b9c5c329f9306437edac0

    SHA256

    c1d283bd29e628d4ef7a15799c573533fdd576d021c27bc3200429301d4f43c6

    SHA512

    5fdc8b1e58c0e55c26eb5036d8f8fd6c2dc769eef7606911bd15b6a8029218a411e74054e05dfabbd22ea64e38d648629e5476758c613c79a14255ff09a25ce2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6389811f7e5c5119b3c604d896ba5258

    SHA1

    300c0e26e88f88195579f820ea6d32eecec71875

    SHA256

    1937acd3e138f1755a5cfd40ebed156153d93aa27551becd89b2b6ea7ac24295

    SHA512

    71ab0d4f7625a28545928014172c0d9816baaa979cf6cc7361299eaa290c5591c7ebfcf186913b810c49e0bd6ac2e56a593d9db05267f93eb0502647c104ca2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    216ec5b895b6706d290b4fa796f87366

    SHA1

    329d6d0899e2eb43c39d6f106bb1166121f594c2

    SHA256

    1b3a74a85c6b843093d6cc40c5a508a05f2d182968ab29276891462a82635089

    SHA512

    df0b8e778313a71b1892c22d67e1ccd380412b312085682fce00f823f686e048a64583e266e66d448e58c1ccad6b59c99076e59ce467141e187212a75c6fbf76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bfb156f99fea6d7954b2372a174a8880

    SHA1

    a9deb09e8f325af9fc0424d569db7048146f0844

    SHA256

    e89616fcade528fa296f2fc3a29d15a12d3a793880158547c0103712cbb2f626

    SHA512

    8b5e51bebc3adf68296f3925078a78a4e1c313e3284b66ce0cdbc2ec482410a74c4c4157d36f5894db23efee87b42437781496b74359219afcdea8f2502524ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f378dcb0b97f7945e7a65a9ad54216be

    SHA1

    aabd195534e3f1687b2296b34dd9ffeaaa772a0b

    SHA256

    91e13d1e1a0ead36450c1c614adcbf93d2ddff8feec67dc7ceb0c8b85fd5415f

    SHA512

    f7eca301c7924929fd955a43a9e56e389a37dd5b8a7d8b501f64cc3078539219c74ffb80e695a3408881bf8376ffc9f82298dcb8e3e545624910e6072c7542f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5b19ef65ff798c01f41f99868c6324d9

    SHA1

    922fdb00336032734f46c076575cd965e6ca2237

    SHA256

    8d5861ba40c62c12e271f9696636682568600248b922fb4cdefde4cef7487304

    SHA512

    6df4624c98d534b7094b8b6092428f095e57afd3d48c742743381245e9a1095f4055c4ae515789c4adde614e6483ec796ab99f61275f660d2c3b26ff6c142940

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19841c7c9a5de61928d528b1f69947c0

    SHA1

    12bb57357a3a8294137ce6d94470a73e8246c066

    SHA256

    bb4a8a9bc997a4008b011f60499c087c53b48c6a04a48241a7b9b59d24fa8558

    SHA512

    493c1f2ebec12f44431a24a13e9d13c865f35e5c70117c492f969a76c2228f69116d4c4a51ec550932ab15df682b3065ee673c01e82804c240120688a48a1fe3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    095d8c4dfceeee0b995dee92132ac7cd

    SHA1

    68648db8db85ffbe29190a264906cafcb112b151

    SHA256

    182ebaed0edcb99dabc2a6c907c3feed0b7c118bb73a91e7f9f814e5db62033a

    SHA512

    e16c59ade36afab425790907bf53a508ba46248c2abc634827cc8b989d5cf799b57d55db7ed574f6f2a482c60989f56d0ed96dd7b13d0ded487a7753f34186e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5b8545986401c22407576f35ac6e5865

    SHA1

    1c483bafce48f751571ccf3d301f38377604b5b3

    SHA256

    a0ff1a0dd67f409c9b60c3902cf04e78cacc39b31939b8926a1eae0abb4cf31a

    SHA512

    ddc51d69075b12c6069898a1229758203bc1db0a1e072ca963fa66b21b1793443aef43a4ca91f1b9cb61ed494eb0b0370b2de4ef4578824bcdc20e7b1676caff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d895ff4a831c918bf743d9e860f19120

    SHA1

    74daee8d22c81ce573ce1e26cac2add9161279ac

    SHA256

    af02fbf4bb71c856e520c36dddd83e92e5f0e31c542e9eb339a15ee8c4bfd323

    SHA512

    cc8364530d2900c4e5563a2a2370ab9ee04dfdc2ea78bae17be400e31004fe63e86478ad8dc6a71bd1080b34db0618d17e197d3b1749d1e9339e4e03cb7c6f86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    49e56d738959b4555ff2d4bb8dca33ac

    SHA1

    8112d494e2e2c87ef53cf7fcb2b64171205114c0

    SHA256

    b2dec7de87d17a52d10e8d632029bae6f41baf321f334e6f7293062acaf5db82

    SHA512

    74367da01561b118331d889e2b8e1bcdfb3fd2147c6edbf7dde3334d02c03d845f9ce5e1464f2750af92c002e418f60a0db84b368e7408309c4e99bfaac8acce

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2E81.tmp
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3444.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2192-4-0x0000000003170000-0x0000000003180000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2192-0-0x0000000000400000-0x0000000000701000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2192-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2192-2-0x0000000000400000-0x0000000000701000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2192-3-0x0000000000400000-0x0000000000701000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/2192-5-0x0000000003170000-0x000000000317D000-memory.dmp

    Filesize

    52KB

    Download