Resubmissions
15-07-2021 13:15 210715-9sx48szksa 10
15-07-2021 13:15 210715-hdbmqll9yj 10
15-07-2021 11:47 210715-kkrgzfhz5a 10
Analysis
- max time kernel: 312s
- max time network: 721s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 15-07-2021 13:15
Static task
static1
Behavioral task
behavioral1
Sample
injector.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
injector.exe
Resource
win10v20210410
Behavioral task
behavioral3
Sample
platforms/qwindows.dll
Resource
win7v20210410
Behavioral task
behavioral4
Sample
platforms/qwindows.dll
Resource
win10v20210408
Behavioral task
behavioral5
Sample
updater.ini.jpg
Resource
win7v20210410
Behavioral task
behavioral6
Sample
updater.ini.jpg
Resource
win10v20210408
General
- Target: platforms/qwindows.dll
- Size: 1005KB
- MD5: be068132ece3f794f09c9d6b5ba20b91
- SHA1: 859599fa72d128e33db6fe99ba95a8b63b15cc89
- SHA256: 59dcecb111aa15159414819f4f522e7f90597939cab572b982beebee5dc0efdf
- SHA512: 13829ae9b7bd0cba95800075b24570f3c70a6c4b3d4b3c4da76b0077e37c75194e929d8d56a2db69e22a319ba5077d188a6f3baedd1f69f79979717d6f6d1b6f
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 804 wrote to memory of 1048 | 804 | rundll32.exe | rundll32.exe
PID 804 wrote to memory of 1048 | 804 | rundll32.exe | rundll32.exe
PID 804 wrote to memory of 1048 | 804 | rundll32.exe | rundll32.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1048-114-0x0000000000000000-mapping.dmp