5690987418e7898137bb9f8e706d3ff8f196b1dc612be983012524235f64f6af | Triage

Resubmissions

21-11-2023 21:25

231121-z9p78agf85 10

16-04-2023 14:14

230416-rj2vbsca6z 10

Analysis

max time kernel
152s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2023 14:14

Sharing

Report Analysis Logs

General

Target

QZK RAT Free/Bug Fixer.dll
Size

122.2MB
MD5

a54e1b46fb8f24ab0f8ee2528098b1b5
SHA1

f110a574dbff2b59721d6d526c5640733d6fd094
SHA256

4d1b3e552e4b4a455803c6143490aab97d572bf5376cb9c2cb140bf56c58bb95
SHA512

3e73690767d589ba3d97fcda8d7e1892ddc7b2ff2cc00f52241e50c958b2d3f83d8e5450d201980c64147b90f516255b4932912e241afd82a83bf70c494c1081
SSDEEP

3145728:VhgY/ofQVcj0/kYp09gG3croHnbfTKGu7SLtJB:VhgYQckYqb3GibfeWr

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4844 wrote to memory of 552	4844	rundll32.exe	rundll32.exe
PID 4844 wrote to memory of 552	4844	rundll32.exe	rundll32.exe
PID 4844 wrote to memory of 552	4844	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\QZK RAT Free\Bug Fixer.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4844

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\QZK RAT Free\Bug Fixer.dll",#1
2⤵
PID:552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...