Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
-
submitted
17/03/2025, 00:16
General
-
Target
31ac63986892136dfbcfe6a88f7bb28dc68ea572f01dbc97a67025a03d2a22dc.exe
-
Size
84KB
-
MD5
43321069d47fbc0971f2679d177c02d5
-
SHA1
4e83b771bd805a7ddb3c09a4b5a1085833b22500
-
SHA256
31ac63986892136dfbcfe6a88f7bb28dc68ea572f01dbc97a67025a03d2a22dc
-
SHA512
46dad3c69097b80d180bfc214711d5d164577fa4914081ad4d78ad69f5f1f8ff37bc4a0594456d4fedbfa0576eededb58f907f02a03c7f4b7aac3f10781b5a00
-
SSDEEP
1536:Kc5OSJHk5rzX+KXNuAKf61xY6L+1qHpUq3VC8AaO7y/4iWT+/SAPpzlS1pG9btnM:KNkkRpXNNY61vZJUq3pi7y/4b+/hPpkf
Malware Config
Extracted
qqpass
http://cf.qq.com/act/a20141214luxury/?ADTAG=client.btn.detail
-
url
http://i3.tietuku.com/801db876cdcaa96c.png
-
user_agent
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
Signatures
-
QQpass
QQpass is a trojan written in C++..
-
Qqpass family
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\31ac63986892136dfbcfe6a88f7bb28dc68ea572f01dbc97a67025a03d2a22dc.exe"C:\Users\Admin\AppData\Local\Temp\31ac63986892136dfbcfe6a88f7bb28dc68ea572f01dbc97a67025a03d2a22dc.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysceamtluqn.exe"C:\Users\Admin\AppData\Local\Temp\Sysceamtluqn.exe"2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
102B
MD54eb94b01969fa28c09b2dbc2b33f40e9
SHA19168e91a470436b037a20f0e3c52f0bf9129b298
SHA256178fe12fb6f34eeebea665e76f7a3dd3ddf78c7671bd467680b6e1dfc5fa3986
SHA512ac3d0fd76e700d0a70a0f5c8ccbf9d97c412d0a613d6e0e5d7c3b3f66accf8a93c3ae6438a3dea3289a468e3894c8366ff835e8ecd72ed3487c2bf754cd3a2cf
-
Filesize
84KB
MD58a2184687225242823de8b316e5ca02c
SHA16397d03e32a6923ebc510d1b212ce0cba9cfbde9
SHA256c1f8de4831f97ac92896d6f289672c8ee7936a865f25149a8134bb2391143d29
SHA5125be932d921f3b93e8ea23da6b2814ee988e59d3ea873fbf365e4cd12b0ed251f0e04c490389d7ace54a10434d8d16841e0a5c285e8d95b423e37422e6b3de8fe
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB