Resubmissions
06/03/2023, 21:16  230306-z4zjpsed2v  10
06/03/2023, 21:13  230306-z2z3fseh49  1
06/03/2023, 21:10  230306-zz5vxsec81  1
06/03/2023, 21:09  230306-zzqq1aeh44  1
Analysis
- max time kernel: 95s
- max time network: 63s
- platform: windows10-1703_x64
- resource: win10-20230220-en
- resource tags: arch:x64, arch:x86, image:win10-20230220-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 06/03/2023, 21:13
Static task: static1
Behavioral task: behavioral1
- Sample: another_new_qbot.dll
- Resource: win10-20230220-en
- 1 signatures
- 150 seconds
General
- Target: another_new_qbot.dll
- Size: 592KB
- MD5: e273bf8c8df8d32d7bca05db9b155803
- SHA1: 8b612f4f4a49e5cfa2057395fe3a0d0353f55b05
- SHA256: 442420af4fc55164f5390ec68847bba4ae81d74534727975f47b7dd9d6dbdbe7
- SHA512: 54dfdd1d5bd73abc897726c1b6bf89a2c7aa02c502564e264e57baea792235bd3757192bb1eddd848d43d0f49d9ecce4dd26cc871a4a20297f5b5857d3587443
- SSDEEP: 12288:dt1VOakzj7hpQynG+6g1zJACP406bvcgW+oMfu+3:dt/xk37hyyzl1BP4ftoeu+3
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid    Process        procid_target
  PID 2996 wrote to memory of 4052   2996   rundll32.exe   66
  PID 2996 wrote to memory of 4052   2996   rundll32.exe   66
  PID 2996 wrote to memory of 4052   2996   rundll32.exe   66
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\another_new_qbot.dll,#1
  PID: 2996
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\another_new_qbot.dll,#1
    PID: 4052
- C:\Windows\system32\cmd.exe
  Command line: "C:\Windows\system32\cmd.exe"
  PID: 4948