Overview

overview

10

Static

static

10

sqx.dll

windows10_x64

3

Analysis

  • max time kernel
    1154s
  • max time network
    1591s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    20-06-2022 15:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sqx.dll

  • Size

    576KB

  • MD5

    6846863de6df3ae7b4dd858aba31785e

  • SHA1

    4fef40c3e5d4de26a7f945d2f754ab3cbfdf3591

  • SHA256

    ab19f6f01c7e14df1556e786b9cfa57bb7c4a895c5c29782c90c2f366d5ed257

  • SHA512

    260fa2ee04ea81b3fa53b4b30867b3d1a13eb670ae1a0d38d5b786980d7210d0ca86673e772f9d130e07e799f782c77b9bef70b31da80db4faf0b125eecdb269

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\sqx.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\sqx.dll
      2⤵
        PID:2724
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 620
          3⤵
          • Program crash
          PID:2672
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2648
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:4772
        • C:\Windows\system32\regsvr32.exe
          regsvr32 /s sqx.dll
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4824
          • C:\Windows\SysWOW64\regsvr32.exe
            /s sqx.dll
            4⤵
              PID:4336
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 628
                5⤵
                • Program crash
                PID:4988
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
        1⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1796
        • C:\Windows\system32\cmd.exe
          "C:\Windows\system32\cmd.exe"
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:3408
          • C:\Windows\system32\regsvr32.exe
            regsvr32 sqx.dll
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:3492
            • C:\Windows\SysWOW64\regsvr32.exe
              sqx.dll
              4⤵
                PID:236
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
          1⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1836
          • C:\Windows\system32\cmd.exe
            "C:\Windows\system32\cmd.exe"
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:4588
            • C:\Windows\system32\rundll32.exe
              rundll32 sqx.dll,#1
              3⤵
              • Suspicious use of WriteProcessMemory
              PID:4744
              • C:\Windows\SysWOW64\rundll32.exe
                rundll32 sqx.dll,#1
                4⤵
                  PID:3780

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
            Filesize

            3KB

            MD5

            ea6243fdb2bfcca2211884b0a21a0afc

            SHA1

            2eee5232ca6acc33c3e7de03900e890f4adf0f2f

            SHA256

            5bc7d9831ea72687c5458cae6ae4eb7ab92975334861e08065242e689c1a1ba8

            SHA512

            189db6779483e5be80331b2b64e17b328ead5e750482086f3fe4baae315d47d207d88082b323a6eb777f2f47e29cac40f37dda1400462322255849cbcc973940

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
            Filesize

            3KB

            MD5

            a92e13d0db9aafaaff6dc89a349fd905

            SHA1

            ce8f30b74396169e7219ce8633b3f829f1e3d5df

            SHA256

            df7e122471c11aaf526995118028acb983edec79b4686fd094f681708b47c7b8

            SHA512

            b4f936187de84251519376b3db6b7ad5c20b5ad7cef3719abf9e30e101e54c957738d9ee7861037b9c0bb6226d90d61aa1e83a69bdcf7fa28be8d8d44d1d3448

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
            Filesize

            3KB

            MD5

            b39b30fd8877a109564f0a1ad6548f50

            SHA1

            7b3ac09723c1c205628cd810a217e024cfcf5f05

            SHA256

            4d32a5a391aff64afd5fd96ddc425343aed2b73b9eef1399a78f1c8ea4122663

            SHA512

            3baf13b6fea1424d77e797a90c78662b39a8f2331d8d8780cb6e804e164c6d70c0865124f72b91ac42b0984efc47cea941cc2e4e1b548a44f8312e32069bf8e8

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
            Filesize

            11B

            MD5

            96a5b608546e746260bccc0c7e7ef54b

            SHA1

            9e7c0ff2701aeb81f8fcad71a65653aaf41a3aab

            SHA256

            f0edd6eb312cba7446d58766c2b8b99d3210e240a7e32b77b4f11c5098286624

            SHA512

            e26b8a5e27839af0dcd5e756d9e9ef9471c356c3154b12fe668949d7c1ef9050039cbe64802166e432fa0e2b3ea3850e6c037a8de48e7bb4243a81a4271e23eb

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
            Filesize

            22B

            MD5

            a5c908e90ffbf2764b879f6f9b1de4d0

            SHA1

            20605e8f6b3ccc105595f07c3e4e441517ccc367

            SHA256

            965c079bb84a56fb67f247d5009a4475d183da8a10950f555cf05234928be9b4

            SHA512

            3e9524a0468fa734e13b65f6ce1b5dce44ea3a7f83a7ced90bbd0276fb0fbbe1929dc8d50d99ee6019b9bee065a074b8cafaf84bd05639bee832ff8ab31c3b86

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
            Filesize

            5KB

            MD5

            6df4b167a3d08c16d3e5e7dce2becd6f

            SHA1

            37d6a7592bef3b7af9f73c191b7034f4f0fa49ed

            SHA256

            76b8c3f460af397f272b1eabe4624db8b54420078618f885da31fe6f248473df

            SHA512

            f96f7425c0f8a676748d93e190962105af05a42465eac247fe121dc2f75047c6157050653ac21b764e24fc1f09519fe07cc3b064398d3a9ad884b241f78b0bd4

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
            Filesize

            5KB

            MD5

            d227deaf9db58105374274bd3c394c98

            SHA1

            3da5304424973999966f4e66043c17cc5d9754a9

            SHA256

            b8a87d81d1966ebe88533c6b9f9fad86d1d56ea7740a489de5b3149a5c3d5b7e

            SHA512

            eda383bb9c4a9e702dde9c2cd708ee936ee9a4571e282cbf0283af97f5b66f3fe5a47824b6fe871e3a1ba1b87bf87d2fba81c13bee979ec124fba2fd784dd968

            Download Submit

          • memory/236-306-0x0000000000000000-mapping.dmp

            Download

          • memory/2648-163-0x000001B87F620000-0x000001B87F642000-memory.dmp

            Filesize

            136KB

            Download

          • memory/2648-193-0x000001B87FBC0000-0x000001B87FC36000-memory.dmp

            Filesize

            472KB

            Download

          • memory/2648-182-0x000001B87FB00000-0x000001B87FB3C000-memory.dmp

            Filesize

            240KB

            Download

          • memory/2724-138-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-151-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-130-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-131-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-132-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-133-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-134-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-135-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-136-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-137-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-117-0x0000000000000000-mapping.dmp

            Download

          • memory/2724-139-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-140-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-141-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-142-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-143-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-144-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-145-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-147-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-146-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-148-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-149-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-150-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-125-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-152-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-153-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-154-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-155-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-156-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-157-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-158-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-128-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-127-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-126-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-124-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-118-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-119-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-129-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-120-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-121-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-123-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/2724-122-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/3408-302-0x0000000000000000-mapping.dmp

            Download

          • memory/3492-305-0x0000000000000000-mapping.dmp

            Download

          • memory/3780-411-0x0000000000000000-mapping.dmp

            Download

          • memory/4336-213-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-234-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-223-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-224-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-225-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-226-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-227-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-228-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-229-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-230-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-231-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-232-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-233-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-222-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-235-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-221-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-220-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-219-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-218-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-217-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-216-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-215-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-214-0x0000000077440000-0x00000000775CE000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4336-212-0x0000000000000000-mapping.dmp

            Download

          • memory/4588-407-0x0000000000000000-mapping.dmp

            Download

          • memory/4744-410-0x0000000000000000-mapping.dmp

            Download

          • memory/4772-209-0x0000000000000000-mapping.dmp

            Download

          • memory/4824-211-0x0000000000000000-mapping.dmp

            Download