Overview
Analysis
- max time kernel: 270s
- max time network: 275s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 22-04-2021 05:40
Tasks
- Static task static1
- Behavioral task behavioral1: Sample API-MS-Win-core-xstate-l2-1-0.dll, Resource win10v20210408
- Behavioral task behavioral2: Sample Launcher.exe, Resource win10v20210410
- Behavioral task behavioral3: Sample api-ms-win-crt-private-l1-1-0.dll, Resource win10v20210408
- Behavioral task behavioral4: Sample chrome_elf.dll, Resource win10v20210410
- Behavioral task behavioral5: Sample mtl_libovr.dll, Resource win10v20210410
- Behavioral task behavioral6: Sample qwindows.dll, Resource win10v20210408
- Behavioral task behavioral7: Sample API-MS-Win-core-xstate-l2-1-0.dll, Resource win10v20210410
- Behavioral task behavioral8: Sample Launcher.exe, Resource win10v20210408
- Behavioral task behavioral9: Sample api-ms-win-crt-private-l1-1-0.dll, Resource win10v20210410
- Behavioral task behavioral10: Sample chrome_elf.dll, Resource win10v20210408
- Behavioral task behavioral11: Sample mtl_libovr.dll, Resource win10v20210410
- Behavioral task behavioral12: Sample qwindows.dll, Resource win10v20210410
General
- Target: qwindows.dll
- Size: 1.1MB
- MD5: 98154c945bd4f03456d4d6b7a12edf9b
- SHA1: a90add5561c1d3f87b407303b769da569b2d742b
- SHA256: eeff4fb35549b038bc9f46feaecd1e00832a1ab010b3a33754c8512f39e3cad1
- SHA512: 92fa865355a9ef75c6b46d261a5498f1a4f1d91ee98dea6e6a88149fd1dbc14291620ac7dbb317be76f4a9bae7d23f998a49dda42d009205e67e16e0eb36118c
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description | pid | process | target process PID | target process
  wrote to memory of 3280 | 3896 | rundll32.exe | 3280 | rundll32.exe
  wrote to memory of 3280 | 3896 | rundll32.exe | 3280 | rundll32.exe
  wrote to memory of 3280 | 3896 | rundll32.exe | 3280 | rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/3280-114-0x0000000000000000-mapping.dmp