Analysis Overview
SHA256: 5d258ae7860613154764a3919f0f5684e6fe12e1780c1b0b8e8f6699141fe15d
Threat Level: Shows suspicious behavior
The file QQPCDownload_home_310053.exe was found to show suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Loads dropped DLL
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-06-14 10:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-14 10:46
Reported: 2024-06-14 10:48
Platform: win10v2004-20240611-ja
Max time kernel: 69s
Max time network: 80s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\QQPCDownload_home_310053.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\QQPCDownload_home_310053.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\QQPCDownload_home_310053.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\QQPCDownload_home_310053.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\QQPCDownload_home_310053.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\QQPCDownload_home_310053.exe
"C:\Users\Admin\AppData\Local\Temp\QQPCDownload_home_310053.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | master.etl.desktop.qq.com | udp |
| US | 8.8.8.8:53 | c.gj.qq.com | udp |
| HK | 43.135.106.117:80 | c.gj.qq.com | tcp |
| HK | 43.135.106.117:80 | c.gj.qq.com | tcp |
| CN | 157.255.4.39:443 | master.etl.desktop.qq.com | tcp |
| US | 8.8.8.8:53 | oth.eve.mdt.qq.com | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.106.135.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| US | 8.8.8.8:53 | 68.47.33.101.in-addr.arpa | udp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| US | 8.8.8.8:53 | dlied6.qq.com | udp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| SG | 101.33.47.68:8081 | oth.eve.mdt.qq.com | tcp |
| CN | 122.189.171.73:80 | dlied6.qq.com | tcp |
| CN | 157.255.4.39:443 | master.etl.desktop.qq.com | tcp |
| CN | 211.93.212.206:80 | dlied6.qq.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| CN | 115.56.90.107:80 | dlied6.qq.com | tcp |
| CN | 157.255.4.39:443 | master.etl.desktop.qq.com | tcp |
| US | 8.8.8.8:53 | dlied6.qq.com | udp |
| CN | 42.56.64.52:80 | dlied6.qq.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\TencentDownload\~e5785ca\QQPCDownload.dll
| Hash | Value |
|---|---|
| MD5 | a97f113cb88c3918e3a4ea0543751401 |
| SHA1 | 91f0de97f4620bce05a99975424208091b3a4317 |
| SHA256 | 953ab05b69f8ea4691f7caa0d50cd52026a1e3345e1a09ee1733727ce4f0c245 |
| SHA512 | 348bf533bf9709943ccb297a66a774415425d30b288b6fd4823939023c3bb73662b5caef34e200e1c3c8aea1392b6b5a2519a963a894658f52108e1b6259e2b1 |
C:\ProgramData\Tencent\DeskUpdate\Guid.db
| Hash | Value |
|---|---|
| MD5 | 0c273a998ee7615055a54e317be89062 |
| SHA1 | cdf3c696a41bb85812630a914383780fec793f34 |
| SHA256 | 10acb48eb5c15e988488a9c407c94d2075a025859bc49377166ff46ad6eeccdc |
| SHA512 | 4965221a1046c77baebfa04e98161568cf459511abbf3194045b08c420c3b2af1fbc97d261224414446a34f119b57abb8fcbacda48215d52e9f7afa253ca1316 |
C:\ProgramData\Tencent\DeskUpdate\GuidInfo.db
| Hash | Value |
|---|---|
| MD5 | 339a7a14eaf6ae4f9652c7b88c3e7840 |
| SHA1 | 0b13abb60df0e0e1706910bc611a468b57de8a13 |
| SHA256 | fc6f35df9bfa4a73c06e2a2381b9d1ad8c436d6fc326fa7385bbe85c6cc295b0 |
| SHA512 | 754c01389b39f7f07b21224e42924513a52b8a802c7ede9ccd8d477b10d1f5fac28f4f41b2814a7c599ef510bec404994d412a69760159edc724338bf6c65268 |
C:\ProgramData\Tencent\DeskUpdate\GuidList.db
| Hash | Value |
|---|---|
| MD5 | 771128b35b5ab854d65c44d8e59c787b |
| SHA1 | 968935174947870bb688767beefd5852a7649c85 |
| SHA256 | 83319b3aa9a803a4e40551ceca3f2f0bb33eceae12a73897192324d5d4fc6558 |
| SHA512 | a585dbfd31958f9e90796a7efca8d6e1ca69a147ced7dd25a26697e11ac656a97571977dbe232cb70e6318dcf9314c120aa4ba0c48830f3d268413b19529ef91 |
C:\Users\Admin\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db
| Hash | Value |
|---|---|
| MD5 | be7909fa9c6495334c1b74cbf312af04 |
| SHA1 | ffdf7ecccbe38ca64b538aa28040dca63483a240 |
| SHA256 | 392cf36d3de808c26a7c508fcb68f651e3f49412ce00727cd7b78e27bb41565c |
| SHA512 | 5b7a25f67e61d976ac407fa4546bf223bd0fb6f44e0c87f6d8055387f2a86539f9ce94985d0331e732b047d30fdc59aa299a8df51008fe63a1ab97a071e4b7a5 |
C:\Users\Admin\AppData\Local\Temp\TencentDownload\~e5785ca\beacon_sdk.dll
| Hash | Value |
|---|---|
| MD5 | 1658e561f8015e8b64a633230b22261c |
| SHA1 | 36c85376d8d3f1f68240fbd535a46af55efe3207 |
| SHA256 | a262e12e2dbe40b76b0cb84151aa02b5042ca0acd36e9482eb80638455a1951e |
| SHA512 | 414de291710d59d12f30dc786326b682b5f3415409cf89969c8999da424006df20b13782a93cdba6d644d200885afe9f208176b3c8cfa37846d5994d731d2296 |