8c859acd6810389e5b4730873a652ba60d467fb6b010907e8a767b6f813ea1e2 | Triage

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:43

Sharing

Report Analysis Logs

General

Target

晓阳QQ空间秒赞工具v1.2_全能版.exe
Size

428KB
MD5

13b98265280f62baa93ff6b5ebd6dcf2
SHA1

956bcc646cdeb76ff442d0c5b3286c2e3b8be373
SHA256

8cbda30b7f5a5d6ea1e925e1bb22b7cc79610b43f2e281f370abd16e9b888a8d
SHA512

177249cdaefc3973be898ef05325bc786d3c47f48e79d899225c97670bff4020a9d3a306347cd7758297478175e3f492b58e8f29eb2e426a70ebb296de1a4608
SSDEEP

12288:Q3u8oFOwvLr+PeRgKYqJTX3y14oLlw0/bqke3LfoSI:Q+hFLvLr+PeRgKYqFX3y1vLlw0/Wv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/1936-0-0x0000000000400000-0x00000000005AD000-memory.dmp	upx
behavioral1/memory/1936-20-0x0000000000400000-0x00000000005AD000-memory.dmp	upx
behavioral1/memory/1936-21-0x0000000000400000-0x00000000005AD000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

晓阳QQ空间秒赞工具v1.2_全能版.exe

pid process

1936 晓阳QQ空间秒赞工具v1.2_全能版.exe
1936 晓阳QQ空间秒赞工具v1.2_全能版.exe

C:\Users\Admin\AppData\Local\Temp\晓阳QQ空间秒赞工具v1.2_全能版.exe
"C:\Users\Admin\AppData\Local\Temp\晓阳QQ空间秒赞工具v1.2_全能版.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-0-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/1936-20-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/1936-21-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download