2db6ed1bbdd48e296d82f7ebf9b54524bd79d5a97b0b7b08c9d093cd57e54060

Analysis

max time kernel
52s
max time network
57s
platform
windows10_x64
resource
win10-20220414-en
submitted
12-07-2022 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QBot/WindowsCodecs.dll
Size

4KB
MD5

491e9489c9e11f8b9d3d77239559a194
SHA1

f5df8d4edfdc22646c106259c21abe8d79195e31
SHA256

6e3661049bde832369781afa1d9034315442b1e4b87aa92d571cbe73186997c5
SHA512

ef0bd113fe6b64d7673b33cce559bdc0cfc99c81baac78c4a15b00b7eeb07470aa36e0f29a695b615fe149858a23733015c467948d889ffbee9a1fc916e2ceae

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2356 wrote to memory of 2580	2356	regsvr32.exe	regsvr32.exe
PID 2356 wrote to memory of 2580	2356	regsvr32.exe	regsvr32.exe
PID 2356 wrote to memory of 2580	2356	regsvr32.exe	regsvr32.exe
PID 2580 wrote to memory of 4692	2580	regsvr32.exe	regsvr32.exe
PID 2580 wrote to memory of 4692	2580	regsvr32.exe	regsvr32.exe
PID 2580 wrote to memory of 4692	2580	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\QBot\WindowsCodecs.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\QBot\WindowsCodecs.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\SysWOW64\regsvr32.exe 102755.dll
    3⤵
    PID:4692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2580-156-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-131-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-120-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-121-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-122-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-123-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-124-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-125-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-126-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-127-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-128-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-129-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-130-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-154-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-132-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-133-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-134-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-135-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-136-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-137-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-138-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-139-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-140-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-141-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-142-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-144-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-146-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-148-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-150-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-151-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-152-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-155-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-145-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-119-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-153-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-149-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-147-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-118-0x0000000000000000-mapping.dmp

Download
memory/2580-143-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-157-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-158-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-159-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-182-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-180-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-162-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-178-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-176-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-169-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/2580-166-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-168-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-172-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-165-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-171-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-170-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-173-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-175-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-161-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-163-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-164-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-167-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-160-0x0000000000000000-mapping.dmp

Download
memory/4692-183-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-181-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-179-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-174-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download
memory/4692-177-0x0000000077CE0000-0x0000000077E6E000-memory.dmp

Filesize
1.6MB

Download