eda603fec0848f2d11c93d5019e7a1c01a8619de9fa23706154e5146b7641250 | Triage

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2023, 19:27

Sharing

Report Analysis Logs

General

Target

QTResolver.dll
Size

50KB
MD5

7333c28af12ffb10e50cf5942e4e88a8
SHA1

35bf6b715c7a14a0c29a277dcb920ef233b38929
SHA256

eda603fec0848f2d11c93d5019e7a1c01a8619de9fa23706154e5146b7641250
SHA512

50e5b2bafa0d1205b7745fb830b1c7940fd691b83a41f91b0ced264a8391045df221463116f3f13063ca1db53f374604042c70a18461276c554c191d99b888fa
SSDEEP

1536:RZ3EKPbPQRwZyaCkwSYf13I1YdVrFgBRQqgEIB9v6KeYl:b3EKPbPk1kwSYf13I1YdngBRRIB9v6kl

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 4712	4532	regsvr32.exe	80
PID 4532 wrote to memory of 4712	4532	regsvr32.exe	80
PID 4532 wrote to memory of 4712	4532	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\QTResolver.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\QTResolver.dll
  2⤵
  PID:4712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads