Analysis Overview
score
1/10
SHA256
442420af4fc55164f5390ec68847bba4ae81d74534727975f47b7dd9d6dbdbe7
Threat Level: No (potentially) malicious behavior was detected
The file another_new_qbot.dll was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
MITRE ATT&CK
N/A
Analysis: static1
Detonation Overview
Reported
2023-03-06 21:13
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2023-03-06 21:13
Reported
2023-03-06 21:16
Platform
win10-20230220-en
Max time kernel
95s
Max time network
63s
Command Line
rundll32.exe C:\Users\Admin\AppData\Local\Temp\another_new_qbot.dll,#1
Signatures
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2996 wrote to memory of 4052 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2996 wrote to memory of 4052 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 2996 wrote to memory of 4052 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\another_new_qbot.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\another_new_qbot.dll,#1
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
Network
| Country | Destination | Domain | Proto |
| US | 20.189.173.9:443 | tcp | |
| NL | 8.238.179.126:80 | tcp | |
| US | 8.8.8.8:53 | 1.77.109.52.in-addr.arpa | udp |
Files
N/A