5690987418e7898137bb9f8e706d3ff8f196b1dc612be983012524235f64f6af

Resubmissions

21-11-2023 21:25

16-04-2023 14:14

max time kernel
87s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2023 14:14

Target

QZK RAT Free/Plugins/ACTWindows.dll
Size

1.1MB
MD5

91c072b5c4eaf18b81d4c522f967df5c
SHA1

4290045e1382057ab339f3e0c269770714b5487b
SHA256

61451c536c1a5a9b2b676fa191c4a960d7952aff4cf8b3437860adcdedec3774
SHA512

03dba43bcb6f0ee1b82ed874a5a7ff7b94b2096e230f906927666438372f77a379301acbaa31c71a507dbd3e59944dab1fb4f8466a9808a6077719d33a99e540
SSDEEP

24576:AQ3sWYfdA5r6B/QIdMFmEADsHcxw6J6fG3tLVJnsdWUVSEPP:AQ8WIe5r61MFFADk+2fG3xPs40

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

rundll32.exe

pid process

1320 rundll32.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

1320 rundll32.exe

pid	process
1320	rundll32.exe

pid	process
1320	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 376 wrote to memory of 1320	376	rundll32.exe	rundll32.exe
PID 376 wrote to memory of 1320	376	rundll32.exe	rundll32.exe
PID 376 wrote to memory of 1320	376	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\QZK RAT Free\Plugins\ACTWindows.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:376

memory/1320-133-0x00000000745B0000-0x000000007494A000-memory.dmp

Filesize
3.6MB

Download