Overview

overview

7

Static

static

3

Java反编...up.exe

windows7-x64

3

Java反编...up.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDIR/nsWeb.dll

windows7-x64

3

$PLUGINSDIR/nsWeb.dll

windows10-2004-x64

3

$TEMP/fzhjd/1.exe

windows7-x64

7

$TEMP/fzhjd/1.exe

windows10-2004-x64

7

$TEMP/fzhjd/qqbq.exe

windows7-x64

7

$TEMP/fzhjd/qqbq.exe

windows10-2004-x64

7

Configuration.exe

windows7-x64

3

Configuration.exe

windows10-2004-x64

3

JDecompiler.exe

windows7-x64

3

JDecompiler.exe

windows10-2004-x64

3

jad.exe

windows7-x64

3

jad.exe

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

�...��.url

windows7-x64

1

�...��.url

windows10-2004-x64

1

.rtf

windows7-x64

4

.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-09-2024 04:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/fzhjd/qqbq.exe

  • Size

    48KB

  • MD5

    5621b2732fc65b8d8db2c7dc5ef6c40c

  • SHA1

    b991d38f0414b7f27c8f6de3eb498ba6876068e8

  • SHA256

    bd911431bd69f8a09b08c587ccc9c94b3c1bc376506613f822880ac9adffe13a

  • SHA512

    d57a3e0e5b14dd1e4e8384cc31336e8179c73fc17fcf07bf03680b7bce13c160ee0d3d61a7db74f75c7c6fa69fa215a778816e04468366c56d6f87ec706e230f

  • SSDEEP

    768:84PgXuTkSBmVeRP+z2wYfxG7lWHE/nUF2kLpcqSFuHtLHkJI629a0gtKbAeavjwo:fPgXwpm4RmzZwCnUF2ICqdkJI6rlndP

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\fzhjd\qqbq.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\fzhjd\qqbq.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsdD625.tmp\NSISdl.dll
    Filesize

    12KB

    MD5

    ed1a0e9f2e43d0b9911c20830bf9c70b

    SHA1

    6dc197bea1dcf81444148fb7cf963dc5f0fdda7d

    SHA256

    eb2aae4b1168d2cea71975ade37869988fab95346b8d4e8948dfa5b102f62f69

    SHA512

    6fb0210958b7579656e9f793adf4a03e2d5619ac6d76ecd2ce7ad8402bfe3273db68a04e551d8e3e76b6e9fd4fc09b5a3714db1e2da61c023ed998365427bed5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsdD625.tmp\System.dll
    Filesize

    10KB

    MD5

    10c44246d99a1c2e5f5e6b52b111a63d

    SHA1

    0f41da79c3e789f4ae38738e3a5d73c538f8af4f

    SHA256

    7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8

    SHA512

    e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3

    Download Submit