Analysis
max time kernel: 115s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20230220-es
resource tags: arch:x64 arch:x86 image:win10v2004-20230220-es locale:es-es os:windows10-2004-x64 system windows
submitted: 02/03/2023, 00:50
Static task
static1
Behavioral task
behavioral1
Sample
QtNythNetRpz.exe
Resource
win7-20230220-es
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
QtNythNetRpz.exe
Resource
win10v2004-20230220-es
3 signatures
150 seconds
General
Target: QtNythNetRpz.exe
Size: 15.5MB
MD5: 5cdbfc37c91bdde8f9221c111fc40f49
SHA1: 392e2d5f4df5a5e5337636cc13d4e465381fc0f5
SHA256: 9aca8955a6b3536fd51147d20fc4263c9a3bc300593fbf7f97397401167876e5
SHA512: c69df223e48a07c2794d5291261581e74b95bd5ba5af3d9ce376a0a5d12d0f68c4217ecbb9974bdf069c0300418f2c1ad28c78ad4b5c071e7830a25ba3616430
SSDEEP: 98304:O3DQ3pF3qg5WXT5R2GZHmk35ZZGE2Swowlkh1jSHFVRcMC4hg9FChBw5+k7tnWqq:2DS1k5RFZGo5ZR2SL8VRcMC4hAsQbfze
Score
3/10
Malware Config
Signatures
Program crash 1 IoCs
pid pid_target Process procid_target
1080 4324 WerFault.exe 82
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process
924 QtNythNetRpz.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
924 QtNythNetRpz.exe
Processes
C:\Users\Admin\AppData\Local\Temp\QtNythNetRpz.exe
"C:\Users\Admin\AppData\Local\Temp\QtNythNetRpz.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:924
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 428 -p 4324 -ip 4324
PID:460
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4324 -s 2024
- Program crash
PID:1080