Overview

overview

10

Static

static

3

WinPatrol-...CZ.exe

windows7-x64

3

WinPatrol-...CZ.exe

windows10-2004-x64

3

$FAVORITES...��.url

windows7-x64

1

$FAVORITES...��.url

windows10-2004-x64

1

$PLUGINSDI...SH.dll

windows7-x64

3

$PLUGINSDI...SH.dll

windows10-2004-x64

3

$PLUGINSDI...NS.dll

windows7-x64

3

$PLUGINSDI...NS.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...NU.dll

windows7-x64

3

$PLUGINSDI...NU.dll

windows10-2004-x64

3

$PROGRAM_F...ar.dll

windows7-x64

3

$PROGRAM_F...ar.dll

windows10-2004-x64

3

$PROGRAM_F...ce.exe

windows7-x64

7

$PROGRAM_F...ce.exe

windows10-2004-x64

7

$PROGRAM_F...iz.exe

windows7-x64

10

$PROGRAM_F...iz.exe

windows10-2004-x64

10

$PROGRAM_F...52.exe

windows7-x64

8

$PROGRAM_F...52.exe

windows10-2004-x64

8

$SYSDIR/PATROLPRO.dll

windows7-x64

3

$SYSDIR/PATROLPRO.dll

windows10-2004-x64

3

BHO.html

windows7-x64

3

BHO.html

windows10-2004-x64

3

BLACKLIST.html

windows7-x64

3

BLACKLIST.html

windows10-2004-x64

3

COOKIES.html

windows7-x64

3

COOKIES.html

windows10-2004-x64

3

FEATURES.html

windows7-x64

3

FEATURES.html

windows10-2004-x64

3

FILETYPE.html

windows7-x64

3

FILETYPE.html

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2024, 11:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PROGRAM_FILES_COMMON/NSISLog/$_15_/QQFace.exe

  • Size

    48KB

  • MD5

    eb118c331f3aaa1da1d5f72f9a6989c8

  • SHA1

    3ea0ab75f73ec2ff1894a852ddfe54efc34094c9

  • SHA256

    149c5e1aa34be7ba013f5eb24d7810184d835da5ad4958b1c87cfe61e7faa4d1

  • SHA512

    8abe5561fa3acb25fd0d9fd6037f98cfc36f98e4e7a9d75ffe206e5e17af69cbc3e8e282f3b28c4e5d84232f15113fe8736f299ebc4d66a55a12deb770deded1

  • SSDEEP

    1536:fPgXwpm4RmzZwCnUF2ICqdkJI6d2o1IklT:fPgXLdqF2fqdkJIEuk

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PROGRAM_FILES_COMMON\NSISLog\$_15_\QQFace.exe
    "C:\Users\Admin\AppData\Local\Temp\$PROGRAM_FILES_COMMON\NSISLog\$_15_\QQFace.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nsd59D5.tmp\NSISdl.dll
    Filesize

    12KB

    MD5

    ed1a0e9f2e43d0b9911c20830bf9c70b

    SHA1

    6dc197bea1dcf81444148fb7cf963dc5f0fdda7d

    SHA256

    eb2aae4b1168d2cea71975ade37869988fab95346b8d4e8948dfa5b102f62f69

    SHA512

    6fb0210958b7579656e9f793adf4a03e2d5619ac6d76ecd2ce7ad8402bfe3273db68a04e551d8e3e76b6e9fd4fc09b5a3714db1e2da61c023ed998365427bed5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd59D5.tmp\System.dll
    Filesize

    10KB

    MD5

    10c44246d99a1c2e5f5e6b52b111a63d

    SHA1

    0f41da79c3e789f4ae38738e3a5d73c538f8af4f

    SHA256

    7a24883bdbf08ce90938094b6ab6f09a842af10b18b8ae4d70da2e6b806490b8

    SHA512

    e5b0fa27cd02a67be5eb9c63646621d3e9ccfada98659c50dee8310a58ce12e1a6a059788b85f0f440067ed7e281a0e1a526b9403993b9000f91a51bfbb50da3

    Download Submit