Overview

overview

7

Static

static

7

smzy_qiyiq...OM.url

windows7-x64

1

smzy_qiyiq...OM.url

windows10-2004-x64

1

smzy_qiyiq...JK.dll

windows7-x64

7

smzy_qiyiq...JK.dll

windows10-2004-x64

7

smzy_qiyiq...me.htm

windows7-x64

3

smzy_qiyiq...me.htm

windows10-2004-x64

3

smzy_qiyiq...mm.dll

windows7-x64

3

smzy_qiyiq...mm.dll

windows10-2004-x64

3

smzy_qiyiq...ol.dll

windows7-x64

3

smzy_qiyiq...ol.dll

windows10-2004-x64

3

smzy_qiyiq...63.exe

windows7-x64

7

smzy_qiyiq...63.exe

windows10-2004-x64

7

smzy_qiyiq...��.htm

windows7-x64

3

smzy_qiyiq...��.htm

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29-09-2024 10:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    smzy_qiyiqqguaji/[破解版]奇易QQ挂常用IP工具V2.63/奇易QQ挂常用IP工具V2.63.exe

  • Size

    6.6MB

  • MD5

    2035e8881fa41d4bf14ab5bd20ea52f2

  • SHA1

    5e168354eb2071ef6b34e1bd23538c3bae3d752f

  • SHA256

    2d415f6a6308a033d8fc10b2fd2fbcd70de7861b4eddfdeab66d24ca533e4344

  • SHA512

    108b23e14ebf6df8dd028c55548dc083ac1a663226d09a69c846d5464288daa73629829920dd64b49454dcfc2873bf1c43efbdff40e67e320377638dfb5cf7c5

  • SSDEEP

    196608:3it2NBwATCjRK/iglZA6wvHIFxaafeSkfSXx:5BwATCjRK///ro+xtfeLfS

Score
7/10
discoveryvmprotect

Malware Config

Signatures

  • VMProtect packed file 5 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\smzy_qiyiqqguaji\[破解版]奇易QQ挂常用IP工具V2.63\奇易QQ挂常用IP工具V2.63.exe
    "C:\Users\Admin\AppData\Local\Temp\smzy_qiyiqqguaji\[破解版]奇易QQ挂常用IP工具V2.63\奇易QQ挂常用IP工具V2.63.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2176

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2176-0-0x00000000002B0000-0x0000000000388000-memory.dmp

    Filesize

    864KB

    Download

  • memory/2176-2-0x0000000000400000-0x000000000147F000-memory.dmp

    Filesize

    16.5MB

    Download

  • memory/2176-3-0x0000000000401000-0x0000000000607000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2176-10-0x00000000755C0000-0x00000000755C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2176-6-0x00000000778F0000-0x00000000778F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2176-4-0x00000000778F0000-0x00000000778F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2176-13-0x0000000000400000-0x000000000147F000-memory.dmp

    Filesize

    16.5MB

    Download

  • memory/2176-14-0x0000000000400000-0x000000000147F000-memory.dmp

    Filesize

    16.5MB

    Download

  • memory/2176-15-0x0000000000400000-0x000000000147F000-memory.dmp

    Filesize

    16.5MB

    Download

  • memory/2176-16-0x0000000000400000-0x000000000147F000-memory.dmp

    Filesize

    16.5MB

    Download