d7249002b3af2889df2e9298001c561bcb9c7ef9aa67259b8efb2552a02f465e | Triage

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 09:23

Sharing

Report Analysis Logs

General

Target

21QAGames/21QAPlayer.exe
Size

1.1MB
MD5

d0a31172a8cb61f56648dcdf55a72ff2
SHA1

be1512b2f8bd49ae181cf64305b874f463104bed
SHA256

294ca19e91c0c2857e4785c52c3d914d5f28a5d7de91a361c5831fe3ec5a7619
SHA512

ca4ae4209957ba6219df46fdab7d0ab0c841c19fd8c914368c3748c5c446cc0f734d0c38db85115e42a711e486aa789d65e13403546bd0f11f7137e35be41112
SSDEEP

24576:Iwuoizk1v6R7SXJAouI+VGIn9nH22Z44CTN60mGYjSna:IwuyFqQ56NCT3mVSn

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2140	912	WerFault.exe	27

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
912	21QAPlayer.exe
912	21QAPlayer.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 912 wrote to memory of 2140	912	21QAPlayer.exe	28
PID 912 wrote to memory of 2140	912	21QAPlayer.exe	28
PID 912 wrote to memory of 2140	912	21QAPlayer.exe	28
PID 912 wrote to memory of 2140	912	21QAPlayer.exe	28

C:\Users\Admin\AppData\Local\Temp\21QAGames\21QAPlayer.exe
"C:\Users\Admin\AppData\Local\Temp\21QAGames\21QAPlayer.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:912
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 424
  2⤵
  - Program crash
  PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/912-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/912-1-0x0000000000400000-0x0000000000521000-memory.dmp

Filesize
1.1MB

Download
memory/912-3-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download