Overview

overview

7

Static

static

3

69b9435033...18.exe

windows7-x64

7

69b9435033...18.exe

windows10-2004-x64

7

$1/QipInst...ff.exe

windows7-x64

1

$1/QipInst...ff.exe

windows10-2004-x64

1

$3/$APPDAT...er.exe

windows7-x64

7

$3/$APPDAT...er.exe

windows10-2004-x64

7

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$3/QIPApp.exe

windows7-x64

1

$3/QIPApp.exe

windows10-2004-x64

1

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$R1/Plugin...ng.dll

windows7-x64

1

$R1/Plugin...ng.dll

windows10-2004-x64

1

$R1/qip 8.0.exe

windows7-x64

1

$R1/qip 8.0.exe

windows10-2004-x64

1

$R1/unins000.exe

windows7-x64

7

$R1/unins000.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    130s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 04:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $3/$APPDATA/QIPApp/uninstaller.exe

  • Size

    40KB

  • MD5

    833317595f14b577825dcbd67b865dfc

  • SHA1

    6e06fd1f73d71826b8f609cd04293762a60f0bea

  • SHA256

    1426647a213839e3b09778dabb8879eb2ff8881634b82a78c85017ff88d90e11

  • SHA512

    7289335c3332174e7a876f7bbc86f00e98bef044d96c70214ec08e38afb855935195762952bc67d579fc6c3e59546d4319d971a148e24dd67351a1a6ddceaa2c

  • SSDEEP

    768:UJKOdm9o29rJYypQJ2JQJXJuKU+duC1ZHQ0D3LHSGiVNuoJRn1Ut:kTdm9B9lYypfMXvugHQ0DbLiNuYI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$3\$APPDATA\QIPApp\uninstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\$3\$APPDATA\QIPApp\uninstaller.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4840
    • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\$3\$APPDATA\QIPApp\
      2⤵
      • Executes dropped EXE
      PID:4928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
    Filesize

    40KB

    MD5

    833317595f14b577825dcbd67b865dfc

    SHA1

    6e06fd1f73d71826b8f609cd04293762a60f0bea

    SHA256

    1426647a213839e3b09778dabb8879eb2ff8881634b82a78c85017ff88d90e11

    SHA512

    7289335c3332174e7a876f7bbc86f00e98bef044d96c70214ec08e38afb855935195762952bc67d579fc6c3e59546d4319d971a148e24dd67351a1a6ddceaa2c

    Download Submit