Overview

overview

10

Static

static

KQdFq.dat.dll

windows7_x64

10

KQdFq.dat.dll

windows10_x64

10

Analysis

  • max time kernel
    128s
  • max time network
    136s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    27-07-2021 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KQdFq.dat.dll

  • Size

    409KB

  • MD5

    1d78af63cf39db93255eba78c469a598

  • SHA1

    6a41ff9c6f64875b29bc94dc110a7ec844dbbe45

  • SHA256

    80ebf667875c94175c392e21ed3e52fc1ebf7f2460fd8a82d5cde4c732612762

  • SHA512

    8f636135d412712196886c3a6193343ceb18f618e0e8d5248bdd3f06db5a6d2b2d2dbd474be246ab906f4a97b09f4680b10ec78ba38470f2db8cbb32ed251ed3

Score
10/10
suricata

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • suricata: ET MALWARE BazaLoader Activity (GET)
    suricata
  • suricata: ET MALWARE Observed Malicious SSL Cert (BazaLoader CnC)
    suricata
  • suricata: ET MALWARE Observed Malicious SSL Cert (Bazar Backdoor)
    suricata
  • Blocklisted process makes network request 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3020
      • C:\Windows\system32\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\KQdFq.dat.dll,#1
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Blocklisted process makes network request
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:992
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        2⤵
          PID:2228
      • C:\Windows\system32\rundll32.exe
        rundll32 "C:\Users\Admin\AppData\Local\Temp\KQdFq.dat.dll",#1
        1⤵
          PID:1852

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/992-114-0x0000016AFD830000-0x0000016AFD86C000-memory.dmp
          Filesize

          240KB

          Download
        • memory/1852-118-0x0000026ED9AD0000-0x0000026ED9B0C000-memory.dmp
          Filesize

          240KB

          Download
        • memory/2228-115-0x00007FF78F1E0000-0x00007FF78F466000-memory.dmp
          Filesize

          2.5MB

          Download
        • memory/2228-116-0x00007FF78F438B68-mapping.dmp
          Download
        • memory/2228-117-0x00007FF78F1E0000-0x00007FF78F466000-memory.dmp
          Filesize

          2.5MB

          Download