034e5b6eb8b5caeae7054b2765fa1bd56c64ee559489b042a4752d3e1e2d2cce | Triage

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
31-08-2022 02:55

Sharing

Report Analysis Logs

General

Target

qakbot.dll
Size

178KB
MD5

140c4fd2f3880220aa54d942e7bacaee
SHA1

da271caa763198ff6c48c4c70ddf9bb0fb8919e1
SHA256

034e5b6eb8b5caeae7054b2765fa1bd56c64ee559489b042a4752d3e1e2d2cce
SHA512

8aa8409d3f55865256f707196dd686b55b89f0c5bbc241e3f3b714349df427e2b9ca0b30b1055b19c6171dbdee10008bf6b0658f7b195cfb34d5ae36eb5fb96c
SSDEEP

3072:nKJXr+BqdIfsLi86zSpMV9nJH36QBnoxFnOTBfu0kTgxokz1:ngXrXi88NNoxFnOTBW04g6k

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1940 wrote to memory of 2036	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2036	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2036	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2036	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2036	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2036	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 2036	1940	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\qakbot.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1940

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\qakbot.dll,#1
2⤵
PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-54-0x0000000000000000-mapping.dmp

Download
memory/2036-55-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download