Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Details.lnk

windows10-1703-x64

10

alphabetic...ds.cmd

windows10-1703-x64

1

alphabetic...ed.dll

windows10-1703-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    17s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27/10/2022, 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Details.lnk

  • Size

    1KB

  • MD5

    fc5bc2bb92c5fb2153944fcb5d255fd3

  • SHA1

    c92802d6480ec15fadb8f82460d60f7684f823f1

  • SHA256

    1ce88481bc2e46aadf6c14d6b94d1394421b47e49fc34f867e08c2b73524763d

  • SHA512

    aa57a75444b620d923f1a6852fad7d6522c082038feec15559bee099909a1747c6b179639f0796bb7759a36a6e8990020ef32ae2504c8e87cd0e45beb9915973

Score
10/10
qakbotbb041666776497bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

BB04

Campaign

1666776497

C2

197.204.53.242:443

83.244.63.21:443

27.110.134.202:995

173.49.74.62:443

181.164.194.228:443

24.116.45.121:443

41.47.249.185:443

24.206.27.39:443

113.183.223.8:443

186.188.80.134:443

64.207.237.118:443

156.216.134.70:995

58.247.115.126:995

180.151.116.67:443

41.140.63.187:443

144.202.15.58:443

190.199.97.108:993

172.117.139.142:995

45.230.169.132:995

24.9.220.167:443
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

  • Qakbot/Qbot

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    trojanbankerstealerqakbot
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Details.lnk
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4972
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c alphabetical\minds.cmd vr 32. exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:5008
      • C:\Windows\system32\replace.exe
        replace C:\Windows\\system32\\regsvr32.exe C:\Users\Admin\AppData\Local\Temp /A
        3⤵
          PID:4732
        • C:\Users\Admin\AppData\Local\Temp\regsvr32.exe
          regsvr32.exe alphabetical\unperched.dat
          3⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:5028
          • C:\Windows\SysWOW64\regsvr32.exe
            alphabetical\unperched.dat
            4⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: MapViewOfSection
            • Suspicious use of WriteProcessMemory
            PID:1624
            • C:\Windows\SysWOW64\wermgr.exe
              C:\Windows\SysWOW64\wermgr.exe
              5⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:3480

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\regsvr32.exe
      Filesize

      23KB

      MD5

      a8819a40562f8afe1ea5a24d4fafea5d

      SHA1

      c5da393b44176770471a8d6b9324eb387046f52b

      SHA256

      cec94c3829884bdf1d35ea3e02988c748c0f6881819719242605e3c5f531fffc

      SHA512

      a4673f9ab8017277723a5486f15da54e6d7a025f0e0eff9355ceb72bde151054ee299af4fb83a3ebe01dba3db3f56abee3a13854a2272099b6f263fb118dab19

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\regsvr32.exe
      Filesize

      23KB

      MD5

      a8819a40562f8afe1ea5a24d4fafea5d

      SHA1

      c5da393b44176770471a8d6b9324eb387046f52b

      SHA256

      cec94c3829884bdf1d35ea3e02988c748c0f6881819719242605e3c5f531fffc

      SHA512

      a4673f9ab8017277723a5486f15da54e6d7a025f0e0eff9355ceb72bde151054ee299af4fb83a3ebe01dba3db3f56abee3a13854a2272099b6f263fb118dab19

      Download Submit

    • memory/1624-157-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-167-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-123-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-124-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-125-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-126-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-127-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-128-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-129-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-130-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-132-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-133-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-134-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-135-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-136-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-137-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-138-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-139-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-140-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-141-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-142-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-143-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-144-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-145-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-146-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-148-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-149-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-147-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-150-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-151-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-152-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-153-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-154-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-159-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-156-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-131-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-122-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-155-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-160-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-161-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-162-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-163-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-164-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-165-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-166-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-158-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-168-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-169-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-170-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-172-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-171-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-173-0x0000000004EC0000-0x0000000004EE9000-memory.dmp

      Filesize

      164KB

      Download

    • memory/1624-174-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-175-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-176-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-177-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-178-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-179-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-180-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-181-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1624-182-0x0000000004E60000-0x0000000004E89000-memory.dmp

      Filesize

      164KB

      Download

    • memory/1624-183-0x0000000004EC0000-0x0000000004EE9000-memory.dmp

      Filesize

      164KB

      Download

    • memory/1624-226-0x0000000004EC0000-0x0000000004EE9000-memory.dmp

      Filesize

      164KB

      Download

    • memory/3480-185-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3480-186-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3480-187-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3480-188-0x00000000779D0000-0x0000000077B5E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3480-235-0x0000000000C10000-0x0000000000C39000-memory.dmp

      Filesize

      164KB

      Download

    • memory/3480-243-0x0000000000C10000-0x0000000000C39000-memory.dmp

      Filesize

      164KB

      Download