855d994792ea448c414149c5e1d6d52f81bbbbf1864b8f019715228f962e5c20 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

qqxwwycjsh...mp.exe

windows7-x64

7

qqxwwycjsh...mp.exe

windows10-2004-x64

7

qqxwwycjsh...��.url

windows7-x64

1

qqxwwycjsh...��.url

windows10-2004-x64

1

Sharing

General

Target

30799d2d2aa93db22c59013229b40119_JaffaCakes118
Size

7.9MB
Sample

241010-sc615sxall
MD5

30799d2d2aa93db22c59013229b40119
SHA1

41cce22237be2504430edb104b458ccf595400a4
SHA256

855d994792ea448c414149c5e1d6d52f81bbbbf1864b8f019715228f962e5c20
SHA512

18d6daca8cd7006d2b8c553de94be20adc78c03468ed5995eb57a74388b092c1a353274d5b686ab3b41e444d5ca6f4d72e98f72f1acb5aa613c35c33d893dedb
SSDEEP

196608:zveQUx7VsRs18ED2XVd9Rne4Tf+RzGvbuOBx6jqXCWJG/fOi+XP9vGU:zm/QRWLONeXBOJGHOi+XPRGU

Score

7^/10

discovery vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

qqxwwycjshy_piaodown/炫舞网页抽奖三合一能版本.vmp.exe

Resource

win7-20240903-en

discovery vmprotect

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

qqxwwycjshy_piaodown/炫舞网页抽奖三合一能版本.vmp.exe

Resource

win10v2004-20241007-en

discovery vmprotect

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

qqxwwycjshy_piaodown/飘荡软件.url

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

qqxwwycjshy_piaodown/飘荡软件.url

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  qqxwwycjshy_piaodown/炫舞网页抽奖三合一能版本.vmp.exe
- Size
  
  8.1MB
- MD5
  
  a2aa73cbf55fc36dbdafa4d019468f18
- SHA1
  
  310cfaa1166b931741e054324ab7fbd8470625f9
- SHA256
  
  d25bd976db50b3bc66a98a2113aa199499b1155456cb8e25d24441565265e069
- SHA512
  
  7915f8340dfa092f89f6de69164f9b6e154dae879b687b311889232c26b6fddd9766f61012a00055b9c8cff23e49bc694ade12d97a6bef0152205511a69658ab
- SSDEEP
  
  196608:dSsK31X1MPQj0ZPJh5UmxlHHQWC40ELACCyx:eFFuQwjxlHHQWC40sACJx
Score

7^/10

discovery vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral1 behavioral2
- Target
  
  qqxwwycjshy_piaodown/飘荡软件.url
- Size
  
  328B
- MD5
  
  e97aad722245bfc4a60be0e6f453be6f
- SHA1
  
  c7b7c9585109f71526ed65616668ef7573841d9a
- SHA256
  
  3f6b8de5ca595a2e7371396fcb22b303e0f664733aabc940657c33324d5f269a
- SHA512
  
  f151b723079fc09ac4b44c540b278b8c273f3958d5b661a6b30e31b119dca6d017ab0f987c52c60cc46e917ef9626e943971017d8e1dfe11c4cf27b93a2c772a
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryvmprotect

behavioral2

discoveryvmprotect

behavioral3

behavioral4

© 2018-2025

Terms | Privacy