Overview

overview

7

Static

static

7

QQ牧夫 V...��.url

windows7-x64

1

QQ牧夫 V...��.url

windows10-2004-x64

1

QQ牧夫 V...mf.exe

windows7-x64

7

QQ牧夫 V...mf.exe

windows10-2004-x64

7

QQ牧夫 V...��.url

windows7-x64

1

QQ牧夫 V...��.url

windows10-2004-x64

1

QQ牧夫 V...��.url

windows7-x64

1

QQ牧夫 V...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    17-08-2024 12:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QQ牧夫 V3.00/qqmf.exe

  • Size

    776KB

  • MD5

    4843388b2b990ca48708b0b51c4c8822

  • SHA1

    d1fe2361ce8dfcfacbecec9f58cc13fbfd1505dd

  • SHA256

    4dd3134ab6ffc205ccba28c7c5509c9a5e3c4c7b3c003ec1c898592ab53cd90e

  • SHA512

    5c6a074dd206dfcd1755cfff5d595b76d1bafea4e4273c0c8dd300bea3833df6eeb07df741effecb5cdfadc769bfc62b2a0e2f07361dcb436c0f2ba4b36d2320

  • SSDEEP

    12288:ryxncpExr3e2DVJjYZK3XIav/jrnQQKo/1CFKkyJgJD/TlY/FkFyFnAdhu118xNG:UnLhBTsZK3XLnnfKodSKHqJDG0dhu3H

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\QQ牧夫 V3.00\qqmf.exe
    "C:\Users\Admin\AppData\Local\Temp\QQ牧夫 V3.00\qqmf.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ii23.cn/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2276
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e65aafd0e324ea0ed22d486bcbc5b417

    SHA1

    f3f9ba4d77be7092a3974db5273e2de2f6434589

    SHA256

    ef5eb7711e6566704d90919ae6fab08cb7105092095d1b4e25356ce819a1e079

    SHA512

    562e9d8e9e28f016eb6768b05c350bcbc1603bbfd7f1c2586dad5395f85f69a91136001daad7f9c875d2814a5a1dfebdfaafcf33a636e183c6d0d9819e541ffa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    121f077695f9680d61509bc0aedfdc64

    SHA1

    bab740e8ea7ca2bb723c79c63dda1e97fc9641b1

    SHA256

    e3831503b6b6e7659029a7c587f1680d22238dba64f23e4ece7d320290903a40

    SHA512

    7c172d0e54ff98007aa1d27005b626f9d1d26fa108b2a76e86d371db40d7512434adf2e44e361059e51e97eb2ec24016803291079ce363fd505d103c1bd81ddf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea3f92ce26655a587a6b0c2d73fecfcf

    SHA1

    7bb91824b1c8db4cf3f45c3c2ad95246697f5730

    SHA256

    0bda98440df74bf18b34e09691e184d7358064f47a2ed6d6700476f955db117e

    SHA512

    29df7937c5fec8a78c985854ac4c8eb83b21f030b83f49fce24c35ea0a1596e5c003c884b06da233d202371522974e4a76b0dcb017922fd3fec38793e4a7b6d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e106e8128eade42f594cc824b69736d

    SHA1

    0f9674d83f5d666b20ab5331ed61e91369a09273

    SHA256

    9c5c84fffa8735fdfe31150e28f0940479de41ebd765a5da18e00b38154bcbfc

    SHA512

    509e320deb32bbf0c674d0b03ae2a4278ba88f87c39e13fd41ffcf56cde4e3426ec2e65df4b60720b6097b279791007ce919a63b24a2681352630cd128e6d663

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12cbc77d07f0275792dabdb5513cf457

    SHA1

    bad685541d29956fa8b230d36ea7a61d5f57161e

    SHA256

    88da802184a8b9d843b14b8ce1885f1b7124042ad68db31a4e0d9c4fe7f3f8a1

    SHA512

    dbd5dbba10323475e903b18d1195d37d21479e159291504a85d7c1680ebed93325d8096aa7c3bdfba5a17d87dc3050edb7c3278d9ff01478ec8d38ed1459a9fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b3b8feba9b8d87a960d4c682ee7c338

    SHA1

    857eea3451fdd1ecc66ffca7e4fea32b45702254

    SHA256

    468be0f0c23ad940611524c64f7d98c024a607eb58c1237ae0ddc1f5b60e217b

    SHA512

    ff7a43cf60f46e6e932e11604cea20af119efe5cd725d89bd63b8e82dcfac3b11aad84f435d8831e69f775753ea016e62a076a3af64b340ec5f9a622f271c337

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4de6952dbed6bbeb09f824030b504a38

    SHA1

    135a9120c2de15744ee6e0ce9b4fbfb62b40ff5a

    SHA256

    8ddbf98c55fd669d48ca7e61280ee6670fb1fda7dc6272d2d965e18ba8ebab65

    SHA512

    57c18895790835605845e5657c01e4bdae75d23f0f14a1e0a5ec1ced8341d025136422c59babf9aa30e370098777b4d458e885498c02e505752be355133714da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3fcf034b3a95cf59580fd25546dcb2cd

    SHA1

    b18263aaa488b4e88ed8e75a349012aa9a1e9270

    SHA256

    fb3196d0715b4df45cf8b11da45012ade6644b8399e9dc57f860f50b8319f99a

    SHA512

    02604b66cf06b4730d67b471ef7e823d6375936efd7daf0018e1a7f306999414eaec8eeadb287726e103f3b79df1900ac0c6213d7b0e7c76d36bcb3edf5eb7d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e6ae53e556573a71ee3725daad0b3bdc

    SHA1

    cbfd942ca396b3c9c73b91c49a9578b82d8c6858

    SHA256

    0050e17871fd0942f2213da4b7991697bae6faaf2761e2b3d1683b971eee08e5

    SHA512

    90c67ca2ce38c3c38e25142a3d617cf71f021bec606ec2a06a9f8fc27714682cbaaeaa224abbb2a8ea23b9cd108bd600c483fb7aa1e3fe2d221d274eb3f37a13

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0845daab1ca2158f31419ca42aaf108e

    SHA1

    78ef222dfdad592cf836d701f9f015237b0ecc9a

    SHA256

    c91adac076ca2d3b88c16ea1faef108a43e198dfa0f3ac6b325f188b25918e9b

    SHA512

    0723c4da1ca63aadd0bee099ad40cad6467a70e6a177b19f912626dc1f8e0d794e9d861df8602343762d8ce96ce4fa0463b5b706e0f81ee6a91c85414f575f6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e8a3a83ecdd6990491a1a7838893faf

    SHA1

    729915c469024b0fb0006d32ded7dbde98afd493

    SHA256

    24b8979693d1509c4e03bd1b5f84f77a39bfa41439dc837936022b90195d2c4f

    SHA512

    17a62f1a2a851d34c7356cc2cb14ec5ceae5c2e522a21e1f59ac5edb11b5c92d5dc6d3e97239e25b5cfe2bb85538e935665b2a1875b0adc6d8264e5a15624235

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d33365acc74f02e4043a78a32d1a6fb0

    SHA1

    a6aebf5ec53a16c8b284b666c0fda6aa4b3c8695

    SHA256

    7732522980461cd0add6a67676fa610982ed5aecf1604431fa656fda39442449

    SHA512

    662dbd7299a8960d0fb4db74983eb922d46d4bea7166c67109377159039f3ff74073925c5c10f46d1a24a48e9e1b305272802e078a4176ee23198c434075e1d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8317803c3102e6093a19ac0195311e8a

    SHA1

    5e585ae6795d8147d32f3abe6b1b3268756cc380

    SHA256

    6e573994b05a942954da98ec1477be4bd832cb82e80da5ecabf22697a442d849

    SHA512

    40f1ffcdac3ec2b5ed50c9fffa89beeba9d642b75ad7f0cbc6c1b112efcff3c20c850c7bf09c479a081919ba16560ad38b7c2e45d23ffad953196a8022cad72d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f0013a67f818cc9590ced312990784d

    SHA1

    5728c2f33adeeb888873cca9a08261971c61185d

    SHA256

    ed9b7f9e0d747cd8c9f71fdb77a9d85b602eb49b0279036537f587add78d0054

    SHA512

    21a31b36e340402011ba0e9d8506487cea159d47dcd94db5e909f3873a9ec38240751d4ff2e93d9e6c69b600d5d4f6fab7134bf7cb9bb4e38b5651ee75b9eede

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d73d86f7388d3535dd52c8a8600396b5

    SHA1

    80750589e3c22a90c8ce3334fc42b7421346c7f8

    SHA256

    71e016cd23643efe316257cd5b93591595fba0d0b01b260291f12576dbdab4b0

    SHA512

    63ae6f334c8fbab075d04702d384c8f9520e45a6f6259ccd19679b01d7971d6a7183372b8119b8a9f53520183bd0350d59912e6db330bd8714b6d9353723af03

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53b58f11f43a685eb742ec6079920b5e

    SHA1

    b1a71fa98c8930b8c6b2d89378093613edbfa088

    SHA256

    4be2763e6b5ad9e42ea490487b86a3e28ff0c528e1bcfac3c76bdc90336e2901

    SHA512

    f83ad1e5c1f72968b6baa52673e707ec5275fdfccc0f1ef7a33aeda3d5f47a685c0ddaca6fa2a146e9203263afec8680b28e72f6554a2c5102d7097b80994352

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61fd95555fd0a238bbeec73e72035774

    SHA1

    bcfd1cc4da5c275076b2b44ce78d96605d446b1e

    SHA256

    e013400f0f766efc210ed891f1a70cfd3cb0b2e7396c265ecc39df3ea04b1bdd

    SHA512

    6242f6f617366bdbb6be5979a535c8aae20383e3f8893e957cbbe8e4f6963222a7c31fdffc671ce6f7adca107f6ef32ef90d87e3b1383f6eb83a165cf08bc483

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2429b785cd95a1f974017ab7d9b99f4

    SHA1

    7def3fc193b53df020ec591c223276bc7ef45621

    SHA256

    49b3b4c276486c2578bba53d85ec0328f5b1fec47176856bf4d86f8852b13aac

    SHA512

    c54d71fffe23de6deda1f64976c6a9b3b7875c35bc680ca9df36ac7e228b72425a6dbf209df85726c5ac4d8ec9c983f95c1d477d5dcb4404df331f78b274ac9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1cb099e918e0c5a33c9b5df0675f43a

    SHA1

    5619766462326a275c9320c40eec634b0a93b3a4

    SHA256

    8b8de96470cb29a21e57ab6a4de40b8e5bca5145e595c800785d61f6ee21aeee

    SHA512

    b87319e024aa062315b4a7843a205ac96646b8c8fb4745e763ba296fa97dce993f91c7b6addfd7564b3da1e23b4198a18aa4b485c0995b5d61b5c9cf3d1bd311

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD961.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD9D2.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1108-5-0x0000000000400000-0x000000000071E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1108-0-0x0000000000400000-0x000000000071E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1108-1-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1108-2-0x0000000000400000-0x000000000071E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1108-4-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1108-3-0x0000000000400000-0x000000000071E000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1108-6-0x0000000002270000-0x0000000002280000-memory.dmp

    Filesize

    64KB

    Download