Analysis

  • max time kernel
    124s
  • max time network
    171s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    27-07-2021 19:27

General

  • Target

    KQdFq.dat.dll

  • Size

    409KB

  • MD5

    1d78af63cf39db93255eba78c469a598

  • SHA1

    6a41ff9c6f64875b29bc94dc110a7ec844dbbe45

  • SHA256

    80ebf667875c94175c392e21ed3e52fc1ebf7f2460fd8a82d5cde4c732612762

  • SHA512

    8f636135d412712196886c3a6193343ceb18f618e0e8d5248bdd3f06db5a6d2b2d2dbd474be246ab906f4a97b09f4680b10ec78ba38470f2db8cbb32ed251ed3

Score
10/10

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • suricata: ET MALWARE BazaLoader Activity (GET)
  • suricata: ET MALWARE Observed Malicious SSL Cert (BazaLoader CnC)
  • suricata: ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)
  • Blocklisted process makes network request 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1208
      • C:\Windows\system32\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\KQdFq.dat.dll,#1
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Blocklisted process makes network request
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2000
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        2⤵
        PID:792
  • C:\Windows\system32\rundll32.exe
    rundll32 "C:\Users\Admin\AppData\Local\Temp\KQdFq.dat.dll",#1
    1⤵
      PID:1844

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5

    2902de11e30dcc620b184e3bb0f0c1cb

    SHA1

    5d11d14a2558801a2688dc2d6dfad39ac294f222

    SHA256

    e6a7f1f8810e46a736e80ee5ac6187690f28f4d5d35d130d410e20084b2c1544

    SHA512

    efd415cde25b827ac2a7ca4d6486ce3a43cdcc1c31d3a94fd7944681aa3e83a4966625bf2e6770581c4b59d05e35ff9318d9adaddade9070f131076892af2fa0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    99eba65f50cec0f3915336ff84f961f9

    SHA1

    cb02e1540af46a2ab8fa7966b2508e955d185e60

    SHA256

    393e5b5ff88514c7753fd45ee8d23e5881be07253da6db01438c34e28edefc6b

    SHA512

    561eae03d58529ad8279b7f788abf370a232da45c96b5a346a06a97508090fcf61c56e1acf0ade00c29daf527907f355646cb9ae7fdd47a6a5324be67c4042ff

  • memory/792-60-0x000000013F530000-0x000000013F7B6000-memory.dmp
    Filesize

    2.5MB

  • memory/792-61-0x000000013F788B68-mapping.dmp
  • memory/792-62-0x000000013F530000-0x000000013F7B6000-memory.dmp
    Filesize

    2.5MB

  • memory/1844-63-0x00000000003A0000-0x00000000003DC000-memory.dmp
    Filesize

    240KB

  • memory/2000-59-0x00000000001B0000-0x00000000001EC000-memory.dmp
    Filesize

    240KB
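The process tree and the memory dumps above are the parts of this report worth reading critically: rundll32.exe (PID 2000) loads the DLL from the user's Temp directory by ordinal, carries the NtCreateUserProcessOtherParentProcess signature together with SetThreadContext and WriteProcessMemory, and a chrome.exe (PID 792) with a 2.5MB dumped region appears under Explorer.EXE rather than under the rundll32 that triggered those signatures. The script below is an added example, not part of the sandbox output: it re-checks those claims offline from the report's own data (the PROCS and DUMPS tables are transcribed from the sections above). That rundll32.exe is the real creator of chrome.exe and Explorer.EXE only the parent it was given is an inference from the signature, labelled as an assumption in the code; the report prints no creator field.

```python
# Added example (not part of the sandbox report): re-check the report's own
# claims offline. PROCS and DUMPS are transcribed from the sections above. The
# reading that rundll32.exe (PID 2000) is the real creator of chrome.exe
# (PID 792), with Explorer.EXE only the claimed parent, is an ASSUMPTION drawn
# from the NtCreateUserProcessOtherParentProcess signature; the report does not
# print a creator field.
import re
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]              # parent as drawn in the report's tree
    sigs: List[str] = field(default_factory=list)

PROCS = {
    1208: Proc(1208, r"C:\Windows\Explorer.EXE", r"C:\Windows\Explorer.EXE", None),
    2000: Proc(2000, r"C:\Windows\system32\rundll32.exe",
               r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\KQdFq.dat.dll,#1", 1208,
               ["Suspicious use of NtCreateUserProcessOtherParentProcess",
                "Blocklisted process makes network request",
                "Suspicious use of SetThreadContext",
                "Suspicious behavior: EnumeratesProcesses",
                "Suspicious use of WriteProcessMemory"]),
    792: Proc(792, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe"', 1208),
    1844: Proc(1844, r"C:\Windows\system32\rundll32.exe",
               r'rundll32 "C:\Users\Admin\AppData\Local\Temp\KQdFq.dat.dll",#1', None),
}

# (dump file name, Filesize the report lists next to it)
DUMPS = [
    ("memory/792-60-0x000000013F530000-0x000000013F7B6000-memory.dmp", "2.5MB"),
    ("memory/792-62-0x000000013F530000-0x000000013F7B6000-memory.dmp", "2.5MB"),
    ("memory/1844-63-0x00000000003A0000-0x00000000003DC000-memory.dmp", "240KB"),
    ("memory/2000-59-0x00000000001B0000-0x00000000001EC000-memory.dmp", "240KB"),
]

RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,\s*#?(?P<export>\S+)', re.I)
DUMP_RE = re.compile(r"memory/(?P<pid>\d+)-\d+-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp")
SPOOF_SIG = "Suspicious use of NtCreateUserProcessOtherParentProcess"
INJECT_SIGS = {"Suspicious use of SetThreadContext", "Suspicious use of WriteProcessMemory"}

def rundll32_temp_loads(procs):
    """rundll32 command lines that load a DLL out of a user Temp directory by
    ordinal: (pid, dll path, ordinal). Both rundll32 instances here qualify."""
    hits = []
    for p in procs.values():
        m = RUNDLL_RE.match(p.cmdline)
        if m and "\\AppData\\Local\\Temp\\" in m["dll"] and m["export"].isdigit():
            hits.append((p.pid, m["dll"], int(m["export"])))
    return hits

def spoofed_parent_candidates(procs, dumps):
    """Processes whose drawn parent is probably not their creator (assumption):
    they have a memory dump, and a sibling under the same parent carries the
    PPID-spoof signature together with the SetThreadContext/WriteProcessMemory
    pair. Returns (pid, drawn parent, [likely creator pids])."""
    dumped = {int(name.split("/")[1].split("-")[0]) for name, _ in dumps}
    out = []
    for p in procs.values():
        if p.parent is None or p.pid not in dumped:
            continue
        injectors = [s.pid for s in procs.values()
                     if s.parent == p.parent and s.pid != p.pid
                     and SPOOF_SIG in s.sigs and INJECT_SIGS <= set(s.sigs)]
        if injectors:
            out.append((p.pid, p.parent, injectors))
    return out

def human(n):
    """Round a byte count the way the report's Filesize column does."""
    return f"{n / (1 << 20):.1f}MB" if n >= 1 << 20 else f"{n // 1024}KB"

def check_dump_sizes(dumps):
    """Recompute each dumped region's size from its address range and compare
    it with the listed Filesize: (pid, bytes, listed, matches)."""
    out = []
    for name, listed in dumps:
        m = DUMP_RE.fullmatch(name)
        if m:                      # '-mapping.dmp' entries carry no range
            size = int(m["end"], 16) - int(m["start"], 16)
            out.append((int(m["pid"]), size, listed, human(size) == listed))
    return out

if __name__ == "__main__":
    for pid, dll, ordinal in rundll32_temp_loads(PROCS):
        print(f"rundll32 PID {pid} loads {dll} by ordinal #{ordinal}")
    for pid, parent, creators in spoofed_parent_candidates(PROCS, DUMPS):
        print(f"PID {pid} drawn under {parent}; likely created by {creators}")
    for pid, size, listed, ok in check_dump_sizes(DUMPS):
        print(f"PID {pid}: region {size:#x} ({size} bytes) listed as {listed}: {'ok' if ok else 'MISMATCH'}")
```

The size check confirms the two 240KB regions (0x3C000 bytes in PIDs 2000 and 1844) are the same size, consistent with the same DLL being mapped in both rundll32 instances, while the 0x286000-byte region in chrome.exe is the one to pull for further analysis. The two CryptnetUrlCache files in the Downloads list are Windows CryptoAPI's certificate-chain retrieval cache (CRL/AIA fetches made during the TLS handshake the Suricata SSL-certificate rules flagged), not payloads dropped by the sample; hash them for completeness but do not treat them as second-stage artifacts.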