Analysis
- max time kernel: 142s
- max time network: 126s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 08-09-2022 21:17
Static task: static1

Behavioral task: behavioral1
- Sample: qakbot.dll
- Resource: win7-20220812-en, windows7-x64
- 8 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: qakbot.dll
- Resource: win10v2004-20220812-en, windows10-2004-x64
- 1 signature
- 150 seconds
General
- Target: qakbot.dll
- Size: 533KB
- MD5: 76dd8de86a8a0c3c66c86cb854617879
- SHA1: f4b53cfd6e81b532c585e62defae7c37a6b695ed
- SHA256: 1566d011a12613080aaeb6741c06ea832b9d28af725dce6017e11b5eec148836
- SHA512: 3d95fdc7a586d0a2a0b80d2f97bb18fb9321d16bf28cc793778a94f96f76b594cb841d6f53dfaa8163cbef34ee30c8f1553d61989e086ecb95b70d97fd023299
- SSDEEP: 12288:LWghjfsaHKisYUVJAEvyxN1Us1RvCey4CZfxz4uc:SijHHKH53vU1UwRq3bzp

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

Processes: rundll32.exe

description | pid | process | target process
PID 5052 wrote to memory of 2296 | 5052 | rundll32.exe | rundll32.exe
PID 5052 wrote to memory of 2296 | 5052 | rundll32.exe | rundll32.exe
PID 5052 wrote to memory of 2296 | 5052 | rundll32.exe | rundll32.exe