Analysis

- max time kernel: 150s
- max time network: 135s
- platform: windows10-1703_x64
- resource: win10-20230703-en
- resource tags: arch:x64, arch:x86, image:win10-20230703-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 15/08/2023, 09:48
Tasks

- Static task static1
- Behavioral task behavioral1: sample qzeq Antivirus/d3dcompiler_47.dll, resource win10-20230703-en
- Behavioral task behavioral2: sample qzeq Antivirus/ffmpeg.dll, resource win10-20230703-en
- Behavioral task behavioral3: sample qzeq Antivirus/libEGL.dll, resource win10-20230703-en
- Behavioral task behavioral4: sample qzeq Antivirus/libGLESv2.dll, resource win10-20230703-en
- Behavioral task behavioral5: sample qzeq Antivirus/licenses.html, resource win10-20230703-en
- Behavioral task behavioral6: sample qzeq Antivirus/locales/ur.ps1, resource win10-20230703-en
- Behavioral task behavioral7: sample qzeq Antivirus/qzeq Antivirus.exe, resource win10-20230703-en
- Behavioral task behavioral8: sample qzeq Antivirus/resources/app/electron-main.js, resource win10-20230703-en
- Behavioral task behavioral9: sample qzeq Antivirus/resources/app/icon.jpg, resource win10-20230703-en
- Behavioral task behavioral10: sample qzeq Antivirus/resources/app/index.html, resource win10-20230703-en
- Behavioral task behavioral11: sample qzeq Antivirus/resources/app/script.js, resource win10-20230703-en
- Behavioral task behavioral12: sample qzeq Antivirus/vk_swiftshader.dll, resource win10-20230703-en
- Behavioral task behavioral13: sample qzeq Antivirus/vulkan-1.dll, resource win10-20230703-en
General

- Target: qzeq Antivirus/resources/app/index.html
- Size: 15KB
- MD5: 690ba194f745d7335a162d0344cc9559
- SHA1: 4bcb12e355e01b14c9728e4bcde40af93de64551
- SHA256: adc15320deff57d4495872c8766b80e708dc0ddc1aebac6b6c6130814026eba9
- SHA512: cf83f7a6dca73005fa23e16dd3fac36080ff0b151f21629750825ce7657c02b49c82fa6c35c3173f8a8402fd3081ef5e1eb53515ab723d535c6b05beb6073c3f
- SSDEEP: 192:0no+T3OiOladmpFwhrwJ9lKLbdqsxxJtgWidQihPpx0fmNt7yMzzQK77HMc1WN4L:0n/rCNoM/Qg9sN4nCgJiy2s1ZvshFK
Signatures

- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  - Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133365666239062529" | chrome.exe
  - Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
- Suspicious behavior: EnumeratesProcesses (5 IoCs)
  pid / Process: 4264 chrome.exe (3 entries), 2128 chrome.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid / Process: 4264 chrome.exe (2 entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description / pid / Process: Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege, requested alternately by 4264 chrome.exe (64 entries in total)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  pid / Process: 4264 chrome.exe (26 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / Process: 4264 chrome.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid / Process | procid_target
  - PID 4264 wrote to memory of 3076 | 4264 chrome.exe | 70 (2 entries)
  - PID 4264 wrote to memory of 4368 | 4264 chrome.exe | 72 (repeated entries)
  - PID 4264 wrote to memory of 2940 | 4264 chrome.exe | 73 (2 entries)
  - PID 4264 wrote to memory of 5012 | 4264 chrome.exe | 74 (repeated entries)
  64 entries in total.
Processes

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4264)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\qzeq Antivirus\resources\app\index.html
  Signatures: Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3076)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff90709758,0x7fff90709768,0x7fff90709778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4368)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1764,i,3553362029523421152,4483155938279007872,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2940)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1764,i,3553362029523421152,4483155938279007872,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5012)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1764,i,3553362029523421152,4483155938279007872,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2848)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1764,i,3553362029523421152,4483155938279007872,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5100)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1764,i,3553362029523421152,4483155938279007872,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4512)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3932 --field-trial-handle=1764,i,3553362029523421152,4483155938279007872,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3888)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1764,i,3553362029523421152,4483155938279007872,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 196)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1764,i,3553362029523421152,4483155938279007872,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2128)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 --field-trial-handle=1764,i,3553362029523421152,4483155938279007872,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4768)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- C:\Windows\system32\AUDIODG.EXE (PID 2608)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x238
Downloads