Analysis

  • max time kernel
    137s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-06-2023 15:02

General

  • Target

    qbot.dll

  • Size

    458KB

  • MD5

    8c836e7cbb1be6066855c419822a1437

  • SHA1

    6793557ed4c894fd8aa101eacb121b42fcaea3f9

  • SHA256

    c219d1d518dde48b751f44298530fef731cfb1c0abf969a334bda025423ba162

  • SHA512

    2930862c776b03241d0de60c9d6f763d90b163ab1c4e077be93345ad7df5f6d625fff36e3b8580b334ab873740c66a92c7acd1c027f7d7d0854fd4d89bc699f1

  • SSDEEP

    12288:1BBzPfDyNMCLzaf1jhk6rOB4VzW9PXNYL5FHnKaWl5N26tw:lfeNMCn0j5rjI1NO51SI6e

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\qbot.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\qbot.dll,#1
      2⤵
        PID:1016
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 600
          3⤵
          • Program crash
          PID:3012
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1016 -ip 1016
      1⤵
        PID:4028

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads