Resubmissions
25-07-2022 08:34
220725-kgh6wabefn 10Analysis
-
max time kernel
94s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
-
submitted
25-07-2022 08:34
General
-
Target
trespay.dll
-
Size
126KB
-
MD5
3e8576445e163033b0d47403223270eb
-
SHA1
b516e6ce199b43d997eac2f3a41d537997e103ef
-
SHA256
f161a836afdfcf9341cae1cc806404ff178b061266e71e587117b987ed36029d
-
SHA512
1c147b9c0ad43eeb8ea66e98c7186c5fea8a030cc2d0b92a87c1b7a14254fb5c8a996ec0a530fa91923601f8af4cc6130b12737173b9e74d52357d57ff3fea4f
Score
10/10
Malware Config
Signatures
-
Qakbot/Qbot
Qbot or Qakbot is a sophisticated worm with banking capabilities.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\trespay.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\trespay.dll2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 6043⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2480 -ip 24801⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2480-130-0x0000000000000000-mapping.dmp
-
memory/2480-131-0x00000000007B0000-0x00000000007D2000-memory.dmpFilesize
136KB
-
memory/2480-133-0x00000000007B0000-0x00000000007D2000-memory.dmpFilesize
136KB