Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Details.lnk

windows10-1703-x64

10

alphabetic...ds.cmd

windows10-1703-x64

1

alphabetic...ed.dll

windows10-1703-x64

10

Analysis

  • max time kernel
    19s
  • max time network
    17s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27/10/2022, 15:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    alphabetical/unperched.dll

  • Size

    627KB

  • MD5

    cba1ea7fd2999c09a57ab80ec61a366c

  • SHA1

    ed15bd41dec1f7628be89adff8995242d5281e69

  • SHA256

    d0232586a1421eb851d5817a55fd1afa68a0392cc94689b5af3ae093f18ef823

  • SHA512

    12251a0cb3f93a098a12cb3f78a439c98d67465f68c5151f18c2692ba5331deb34e74723b201f8b7e85dcb2027db55ec6681890baeb70cb142979a9ef652b65c

  • SSDEEP

    12288:cx8IFmbH8yS5XXUrIVcxxUnMnwldJOCP6HcD5q:x6y8bRZAuM6dMCSHc4

Score
10/10
qakbotbb041666776497bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

403.1051

Botnet

BB04

Campaign

1666776497

C2

197.204.53.242:443

83.244.63.21:443

27.110.134.202:995

173.49.74.62:443

181.164.194.228:443

24.116.45.121:443

41.47.249.185:443

24.206.27.39:443

113.183.223.8:443

186.188.80.134:443

64.207.237.118:443

156.216.134.70:995

58.247.115.126:995

180.151.116.67:443

41.140.63.187:443

144.202.15.58:443

190.199.97.108:993

172.117.139.142:995

45.230.169.132:995

24.9.220.167:443
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

  • Qakbot/Qbot

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    trojanbankerstealerqakbot
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\alphabetical\unperched.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4824
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\alphabetical\unperched.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3700
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 720
        3⤵
        • Program crash
        PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3700-121-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-122-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-123-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-124-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-125-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-126-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-127-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-129-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-130-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-128-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-131-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-132-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-133-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-134-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-135-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-136-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-137-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-138-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-139-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-140-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-141-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-142-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-143-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-144-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-145-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-146-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-147-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-149-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-148-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-151-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-152-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-150-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-153-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-154-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-155-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-156-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-157-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-158-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-159-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-160-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-161-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-162-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-163-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-164-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-165-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-166-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-167-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-168-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-169-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-170-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-172-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-171-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-173-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-174-0x0000000005610000-0x0000000005639000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3700-175-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-176-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-178-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-179-0x0000000005610000-0x0000000005639000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3700-177-0x00000000055B0000-0x00000000055D9000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3700-180-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-181-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-182-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-183-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-184-0x0000000077600000-0x000000007778E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3700-185-0x0000000005610000-0x0000000005639000-memory.dmp

    Filesize

    164KB

    Download