Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-04-2024 13:49

General

  • Target: qqzychess1.5.exe
  • Size: 3.3MB
  • MD5: 07641055f58ce414102925f82fc2b241
  • SHA1: fb5976ad29b167e7b565f641c57b6caa959d065a
  • SHA256: 7f307d5d2fb00add886e95673f3712d7cb8d4415d132f30cf167c2276a73afad
  • SHA512: 90dc86dfe57f25e83f8a5c7054da35d16c004885551ad29fea6d7eb4a4dbe413c5a8a3fcd12f6abfd27cd8543577005aa979aa85dbbdecfd68812e4048e20cb3
  • SSDEEP: 98304:vdVkZ94WmfuhUdO4wjYBLryyoMSiIbZn3TgFsrFql:1kkmU44wmLaMSiURpql

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 34 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\qqzychess1.5.exe
    "C:\Users\Admin\AppData\Local\Temp\qqzychess1.5.exe"
    PID:2844
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\自由空间工作室\自由棋王QQ象棋助手\BOOK.DAT
    Filesize: 1.6MB
    MD5: 6a403b6af3d08fd857881d2e43b9dbc4
    SHA1: 46f22430f443f149f7a370b337bac318ada871f8
    SHA256: d97e0f9c7d4d0012b09db65212efc6fa544dc314125e28862e0a524bdfa60570
    SHA512: 4ee56bc0fe174599f8f3c8149fde0aa12d970dc2bc7638d3c3d59059d1b486d274c94e6e56047660357231c31f9b02c53e683413a528b89b7c7c4431f1191d73

  • C:\Program Files (x86)\自由空间工作室\自由棋王QQ象棋助手\Hand.ico
    Filesize: 326B
    MD5: 36af4bd3e963bb6d681c3e043c06f504
    SHA1: 7a1c7a8646f6e47f38dfdd3874ca90c05d52507c
    SHA256: 87bfef52971132ff30f7713898a8e729e6f54976eff957e47507f14469455976
    SHA512: 6a6a4780b82b5539c6abad1dbd94c562e0e67250639649acbb2079963af8e740a6fd02e5717b61d4b21c5c06d16055e2cb55c052281be4fb706ab625ca8d21c8

  • C:\Program Files (x86)\自由空间工作室\自由棋王QQ象棋助手\bind_8134.exe
    Filesize: 48KB
    MD5: 1d10d5969a37ecc2dfa60ada66a13513
    SHA1: d7282609636b0835fd8a8981586ea59fb9fbf9df
    SHA256: 748190035eec74d824400dc4ee0a1e0317349036a5a71aa5323a965fae0bd716
    SHA512: aedda18d58f3b00679770cb0ff3033c20092a50fd0bed05c55988d6b075269d6a94fb7bbb0816d22855296ba1e8d0ddfc485c23c73a81f75c4e305e519bfe4b1

  • C:\Program Files (x86)\自由空间工作室\自由棋王QQ象棋助手\qqnew_1024_768_16.xml
    Filesize: 45KB
    MD5: 8ce1df7b74c0a3d6695efe8782755fec
    SHA1: 0d437b83dd5dcdfb1802890dfe698956e2eae047
    SHA256: cea7093f4fbee2e0ceeacec2e271ac18621b7b350ac989f6540501abe6948e25
    SHA512: 8eab6d9ac1e300fecccb7a255fa4256527b0bdeabf69a4ceec43cc2ce0936ab9cf68b9d61a7d4aa92fb06fc17539db13ed51cedff356f67501c2a35aad530b77

  • C:\Program Files (x86)\自由空间工作室\自由棋王QQ象棋助手\qqnew_1024_768_32.xml
    Filesize: 46KB
    MD5: b22bf6737666e680cd212febb8857350
    SHA1: 23419740dec2498e67667c7382889ce14a6e706d
    SHA256: 720c1497565691ad26c05801cdeeb078347f458cfbbbbbe17a3cdc21529aac9d
    SHA512: 0e68cf3f13bb028c1a0f2acc6e64cb26674b2b1973401a9a15a02b81ab959d81780b40306cd747194376585f91343e0a65ada5730d9067c145fc1e5cd9ae277d

  • C:\Program Files (x86)\自由空间工作室\自由棋王QQ象棋助手\qqnew_800_600_32.xml
    Filesize: 46KB
    MD5: 61976688ba839fd4db12fdc53e5ce4d2
    SHA1: 4ec042a26dae337105930d15a0a77a0e5ebbdfb4
    SHA256: a80fd5db84f661cbb9dfb40d88d0769f60c263cfdee40a06c43fe00204a619fa
    SHA512: 8f8e93875cf3c24bdd65dd883c1be739f8ece495014f614b35833051415002595e3f27470d7c044838c0a9ea5d469f0c9da3c45f32834cb3e80ddbdb0d874efa

  • C:\Program Files (x86)\自由空间工作室\自由棋王QQ象棋助手\qqold_1024_768_16.xml
    Filesize: 47KB
    MD5: a6bac4bea0336f9aa31c2efb43480dd8
    SHA1: e550add526d9c48ffa582870719bdff330b1a3d5
    SHA256: 681ce26393ddd16e418fdfda1c5d2e4b37abc5b91f2921ce2aa74f922cec3f53
    SHA512: 2cc6eaa87b2f2ca7f020244c82b0c005e4a5c0d7e322e9b3c411c5879aa5ad683c168e37dfe10e088e67ec5872cac5d393e0e6b3318eff1b1e13449ddc8259fc

  • C:\Program Files (x86)\自由空间工作室\自由棋王QQ象棋助手\qqold_800_600_16.xml
    Filesize: 47KB
    MD5: 34b4e692ef325572052cde4398edef6e
    SHA1: 1cb18dcfcfd3fb0ec09470e0f8aa82ffabd97029
    SHA256: 6d3176c2329ff0e4a14c19c107f8fc5556c02f86a05ca657907be7b3730abeff
    SHA512: 18259713bfab512d622a32c68b0d8efe72561a83e9fdd8456a544d7c117d7e9ed7c418a3f0bc9782eba4f1ac12744a7822f8764506e841a4bff53277e266370f

  • C:\Program Files (x86)\自由空间工作室\自由棋王QQ象棋助手\qqold_800_600_32.xml
    Filesize: 47KB
    MD5: 9e8f5a3869736b2fbb9d8c354306d74c
    SHA1: bd871e2afcb06d2ed0e42483c57bdb182cf11372
    SHA256: 648bab53e65f9fec4a755e3b9b450f82ad0e16c3dbdcebce389a3d66a606a49f
    SHA512: 3b8a812d95a480bfe4ae54e37d84d0e377d3b62b2dcd475fffa14de5dfcadaf96feb3cfd24ee928105c107b6c8e8b598d6c98a4e89d552572cc0b5994c019ea1

  • C:\Program Files (x86)\自由空间工作室\自由棋王QQ象棋助手\sogoutb_setup_pp365sosoft18_mini.exe
    Filesize: 281KB
    MD5: 194d0098b1b7c123ad782613d2af359a
    SHA1: c99c812abfc2f08e8017d77b8f761262173f1b9f
    SHA256: 05cb280095b94315a446f74cccd8af3b2ce53b674d6d9025806fe660a1cc0f4d
    SHA512: 25432e7f63f6a1f3d3d3329e914b50299de047c45cdf25a60da7eb8ac49b38cde6c69aaf98aa52975b8467efcab1841bcef61997bfc5ea84e25a16c964217ba1

  • C:\Program Files (x86)\自由空间工作室\自由棋王QQ象棋助手\wpsdls.8824.37.exe
    Filesize: 232KB
    MD5: 99e6662b4f2abfa53937cd54207b8e06
    SHA1: 67d0087a36afda2cc282ce053037b137b48f317e
    SHA256: 04115b0c94d043af4d3d00980569aea2c43cd3f3e68ff29663a1d87fc3d7411d
    SHA512: 84df1dcb356c5ab1ea2a068863bd1a680cc1f3c56604a8ddb3f0c364d7750368c83ef91f9a08a277a477b7aabd286aaecf852b627bc5cc8e9d60d609eaa9fdc3

  • C:\Program Files (x86)\自由空间工作室\自由棋王QQ象棋助手\自由棋王使用说明.txt
    Filesize: 1KB
    MD5: b51dbfdf5434a15ceec0f6678ff1d7c5
    SHA1: 4d2a98f1b4eca33f108c3cd198047b342f02be78
    SHA256: 9ab61bc7a580e3e5daa890e5099598560b1bbaaef53f837a2540809fa3788748
    SHA512: ef47b83420934d2ffd38e2c59170d57e17f3dd41f0211616fb1a91ea856b653144b5194215bde0f46165dbf59c413c306ae95cb8e4cea09e3a1d94cfcf943269

  • C:\Users\Admin\AppData\Local\Temp\~vis0000\English.vlg
    Filesize: 10KB
    MD5: 0e36eb1ce14a3391a8073c6b22766908
    SHA1: 74b4f58d5a0b97b5226e41186bf00cb1493b991a
    SHA256: 9d4b233201a2d0e22e3762e8a269ff8742c2097d6cfcf707e01fc7f0bbbcb951
    SHA512: 2b708e24a5a0bc99d282c3465796e121421eb43c18295496291c3e21747fbd3de98250d0dc41d45950eeb7684dea6381ff37e8e2ab90228e7f27f87e86c9fe06

  • C:\Users\Admin\AppData\Local\Temp\~vis0000\QQChess.exe
    Filesize: 428KB
    MD5: 7b0f429df3dcac3f5656a3945b78c9bb
    SHA1: f02dc1ed18460887810bf6cacc1cc009193164c8
    SHA256: bddcb85c3cfe7c11b6430e68dff2f14c3d1eb9d607e084f50a3f981cded2c756
    SHA512: b46aa377714dc96e8e9a09e0e8db512ca8de03b5bcaca1c805f3c38a77d4ea907fff079158dceab5d297a28d30d952084eb94ea3d69a7870f69d3fe4aa4fd47a

  • C:\Users\Admin\AppData\Local\Temp\~vis0000\QQchess.ico
    Filesize: 26KB
    MD5: bac8ea9db3e69a070afaee8c3c4be8bd
    SHA1: 4a33da64064df74b736e70681e1053db91582cd4
    SHA256: 76a72b4019ddbbd0b9de064628ca8192e31a25685a999f1411dc6042eeb9f29a
    SHA512: 35d0095f675e3324fcc782b3522176a55a8128b9215d63e08d8d68932d3870e4e05ba39a407f87f8de1861915a14654e02ff7916bc9d06a81bccc43fe3322b4a

  • C:\Users\Admin\AppData\Local\Temp\~vis0000\default.bmp
    Filesize: 18KB
    MD5: f372b11ff99bffed4cd279c0155adede
    SHA1: 89cbf60925076e9a14fd48b13790422b43a5b989
    SHA256: d9d5e28eb445e7986bdef4d409868af205d525f2f0729427dfe3e33a7251b15d
    SHA512: e902f0d7ff0e2af64ce3e8ae6d704ec21b04b35ac3f25a9acd53938b3b66fbaa02b25e816202f165e2d7339b62d2cd6fe9f764d64eefd5b24d1a108cb4b2679f

  • C:\Users\Admin\AppData\Local\Temp\~vis0000\freechess.dat
    Filesize: 80KB
    MD5: 0845b969fa366b3c5993c7af3161f02f
    SHA1: 1a2012c38f132fe6cd4e5565637ee3ad7f2a5fd5
    SHA256: 75e7a88a0df19fccbbe04b94a8811b9d7af0d4ef9f2666cf34d09c56ce137e82
    SHA512: 482242175f3d7c4950ed1c1bb7f568d60a264d548b5da74f5f30e5539582a3573ebb265d6665b47fc0ff54d875cd6e7071ada9680fd85614a3c5cf83348d18fc

  • C:\Users\Admin\AppData\Local\Temp\~vis0000\qqnew_800_600_16.xml
    Filesize: 45KB
    MD5: db0e4e68a1d0b6ae1931725cd36af672
    SHA1: f45047c8ed08ed2bdc3af7ae8bce72812bedbf68
    SHA256: ce9c187239adb8f5eca02239744d522fa8210fbb7bf97a7a854b09c827cf8da1
    SHA512: cdfdfa3dab16f644dbc97e0c8850be3f7f97357f5268f4dfd7081d30b6e3e3352a4af166465f9bb6a58c20e7db5ec8218ba349c5c846ab6632461ae77a3e1450

  • C:\Users\Admin\AppData\Local\Temp\~vis0000\qqold_1024_768_32.xml
    Filesize: 47KB
    MD5: bd0b8da44efccc9f8f65db6266526672
    SHA1: 597a6e06752f14aa824d31919994cc1394094439
    SHA256: 401d4725ca29dcee185024d7e3aaf6e13565c306a3994268167d409f92a64f0a
    SHA512: 8f59946bb0e5da019452cb847b90a42f2aae9ce703a2991512085187a788f8125dbcddf53e9c95860ec58234ed7b4f9ada4b1e5ff9d3a3a431991850041cb16e

  • C:\Windows\SysWOW64\VB6STKIT.DLL
    Filesize: 100KB
    MD5: 737be44c23baf9c094c46ff7d4e848c7
    SHA1: 08826635b8efc67725737738a477fc9aa2f594d0
    SHA256: 6fc6ce013a693fa291a07004adb3971774f420235e78f174d59de8e881f23530
    SHA512: f147c3f6bc874eaf714d817a09556929129cbbc4c5ab0e89796aba07d876b90f01145d759e4a68d79429a673d0bb9297dba4382500515349da76d5e464f5c439

  • \Users\Admin\AppData\Local\Temp\~vis0000\vise32ex.dll
    Filesize: 500KB
    MD5: 2c93e8c9854cf42d621b2eb05c420cb4
    SHA1: 515e440f64a141d6f82bb8a81a2f82a826f0ffc2
    SHA256: 27170b52d5d6887824aef79ca546c9eca7755cf2eb632b1129302028c99aa7aa
    SHA512: 420e45169a352d0575a9d1b1ab341b51ecf2be537ccf404d6ca02f24e0084591c5b200ed70842eec9eff7188c8d893c9303d283e8d4c131d96d05f3dab8df40a

  • memory/2844-217-0x0000000000770000-0x0000000000780000-memory.dmp
    Filesize: 64KB

  • memory/2844-263-0x0000000000770000-0x0000000000780000-memory.dmp
    Filesize: 64KB