eda603fec0848f2d11c93d5019e7a1c01a8619de9fa23706154e5146b7641250 | Triage

Analysis

max time kernel
46s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/01/2023, 19:27

Sharing

Report Analysis Logs

General

Target

QTResolver.dll
Size

50KB
MD5

7333c28af12ffb10e50cf5942e4e88a8
SHA1

35bf6b715c7a14a0c29a277dcb920ef233b38929
SHA256

eda603fec0848f2d11c93d5019e7a1c01a8619de9fa23706154e5146b7641250
SHA512

50e5b2bafa0d1205b7745fb830b1c7940fd691b83a41f91b0ced264a8391045df221463116f3f13063ca1db53f374604042c70a18461276c554c191d99b888fa
SSDEEP

1536:RZ3EKPbPQRwZyaCkwSYf13I1YdVrFgBRQqgEIB9v6KeYl:b3EKPbPk1kwSYf13I1YdngBRRIB9v6kl

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 916	1628	regsvr32.exe	28
PID 1628 wrote to memory of 916	1628	regsvr32.exe	28
PID 1628 wrote to memory of 916	1628	regsvr32.exe	28
PID 1628 wrote to memory of 916	1628	regsvr32.exe	28
PID 1628 wrote to memory of 916	1628	regsvr32.exe	28
PID 1628 wrote to memory of 916	1628	regsvr32.exe	28
PID 1628 wrote to memory of 916	1628	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\QTResolver.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\QTResolver.dll
  2⤵
  PID:916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/916-56-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download
memory/1628-54-0x000007FEFC1B1000-0x000007FEFC1B3000-memory.dmp

Filesize
8KB

Download