aa61eb930b40f90ae5afda838d4b0c441160ca1e18a032dc5c2597abb980d2e5

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
10/01/2023, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qbittorrent.exe
Size

30.4MB
MD5

00382da16223e19de5d3e6f6e9d8db19
SHA1

fe20004b008583d94fc8673fce99be6a28349f06
SHA256

aa61eb930b40f90ae5afda838d4b0c441160ca1e18a032dc5c2597abb980d2e5
SHA512

250011cda64fccd54bcd0dde75e9672240cfec7e87f090eb67ddb6882d44458d7a16bcb2a58b96cfb5438e7dc8f2935bda1078783d56ba868807013a03807a64
SSDEEP

786432:OhgfXLovSpkj+UO5E7YJRASqdEg36yCu:OhULA+UO5E7YbASq/36y9

Score

1^/10

Malware Config

Signatures

Modifies registry class 16 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\.torrent\ = "qBittorrent"	qbittorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\ = "URL:Magnet link"	qbittorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\qbittorrent.exe\",1"	qbittorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\.torrent\	qbittorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\shell\open\command\	qbittorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet	qbittorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\	qbittorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\Content Type = "application/x-magnet"	qbittorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\DefaultIcon\	qbittorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\shell\	qbittorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\shell\open\command	qbittorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\qbittorrent.exe\" \"%1\""	qbittorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\URL Protocol	qbittorrent.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\shell\ = "open"	qbittorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\shell	qbittorrent.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000_CLASSES\magnet\shell\open	qbittorrent.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2032	qbittorrent.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2032	qbittorrent.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe
2032	qbittorrent.exe

C:\Users\Admin\AppData\Local\Temp\qbittorrent.exe
"C:\Users\Admin\AppData\Local\Temp\qbittorrent.exe"
1⤵
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2032-54-0x0000000000110000-0x0000000000120000-memory.dmp

Filesize
64KB

Download
memory/2032-55-0x0000000000120000-0x000000000012A000-memory.dmp

Filesize
40KB

Download
memory/2032-56-0x000007FEFB871000-0x000007FEFB873000-memory.dmp

Filesize
8KB

Download
memory/2032-57-0x0000000000110000-0x0000000000120000-memory.dmp

Filesize
64KB

Download
memory/2032-58-0x0000000000120000-0x000000000012A000-memory.dmp

Filesize
40KB

Download