f352c5a50bd9731e4178ee590fbfbc154f61da150534fdb33bd5f667505181d1 | Triage

Analysis

max time kernel
270s
max time network
275s
platform
windows10_x64
resource
win10v20210410
submitted
22-04-2021 05:40

Sharing

Report Analysis Logs

General

Target

qwindows.dll
Size

1.1MB
MD5

98154c945bd4f03456d4d6b7a12edf9b
SHA1

a90add5561c1d3f87b407303b769da569b2d742b
SHA256

eeff4fb35549b038bc9f46feaecd1e00832a1ab010b3a33754c8512f39e3cad1
SHA512

92fa865355a9ef75c6b46d261a5498f1a4f1d91ee98dea6e6a88149fd1dbc14291620ac7dbb317be76f4a9bae7d23f998a49dda42d009205e67e16e0eb36118c

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3896 wrote to memory of 3280	3896	rundll32.exe	rundll32.exe
PID 3896 wrote to memory of 3280	3896	rundll32.exe	rundll32.exe
PID 3896 wrote to memory of 3280	3896	rundll32.exe	rundll32.exe

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\qwindows.dll,#1
1⤵
PID:3280

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\qwindows.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3896

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3280-114-0x0000000000000000-mapping.dmp

Download