Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

ccc80c7306...72.dll

windows7-x64

10

ccc80c7306...72.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2022, 17:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ccc80c73061729902431bf2fb0238df8f2a2da34b1d1bb7497e27c089c215272.dll

  • Size

    695KB

  • MD5

    ef0b0131dd0bc88c113b17f9049e8fb3

  • SHA1

    8269f5fafb9d88d15a821d9311c8659148f854f7

  • SHA256

    ccc80c73061729902431bf2fb0238df8f2a2da34b1d1bb7497e27c089c215272

  • SHA512

    a06e89f706f7c0712146102424d94fa254282b8b49563f896d55dfa324610e5492bb6ba061e774ccb7983d269e315ee52e8c2344a5ff0fb0cfe4094ebfe524fd

  • SSDEEP

    12288:nieL1vc1PdFjpmw5qS6xnGWnE/N285UT+QD1lNMA:i81IFnqnnEl5w9M

Score
10/10
qakbotobama2071664363417bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Version

403.895

Botnet

obama207

Campaign

1664363417

C2

217.165.146.158:993

41.97.179.58:443

86.132.13.49:2078

197.203.50.195:443

85.245.143.94:443

86.196.181.62:2222

102.190.190.242:995

105.184.133.198:995

179.111.23.186:32101

179.251.119.206:995

84.3.85.30:443

39.44.5.104:995

197.41.235.69:995

193.3.19.137:443

186.81.122.168:443

103.173.121.17:443

41.104.80.233:443

102.189.184.12:995

156.199.90.139:443

14.168.180.223:443
Attributes
  • salt

    SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Signatures

  • Qakbot/Qbot

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    trojanbankerstealerqakbot
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccc80c73061729902431bf2fb0238df8f2a2da34b1d1bb7497e27c089c215272.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1216
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccc80c73061729902431bf2fb0238df8f2a2da34b1d1bb7497e27c089c215272.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1476
      • C:\Windows\SysWOW64\wermgr.exe
        C:\Windows\SysWOW64\wermgr.exe
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1476-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1476-56-0x00000000006C0000-0x0000000000773000-memory.dmp

    Filesize

    716KB

    Download

  • memory/1476-57-0x00000000008B0000-0x00000000008D2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1476-59-0x00000000008B0000-0x00000000008D2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1476-58-0x00000000008B0000-0x00000000008D2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1476-60-0x0000000000860000-0x00000000008A2000-memory.dmp

    Filesize

    264KB

    Download

  • memory/1476-61-0x00000000008B0000-0x00000000008D2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1476-64-0x00000000008B0000-0x00000000008D2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1492-65-0x00000000000C0000-0x00000000000E2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1492-66-0x00000000000C0000-0x00000000000E2000-memory.dmp

    Filesize

    136KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.