Overview
overview
7Static
static
3texstudio-...t6.exe
windows7-x64
7texstudio-...t6.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
1$PLUGINSDI...em.dll
windows10-2004-x64
1$PLUGINSDI...gs.dll
windows7-x64
1$PLUGINSDI...gs.dll
windows10-2004-x64
1D3Dcompiler_47.dll
windows10-2004-x64
1Qt6Concurrent.dll
windows7-x64
1Qt6Concurrent.dll
windows10-2004-x64
1Qt6Core.dll
windows7-x64
1Qt6Core.dll
windows10-2004-x64
1Qt6Core5Compat.dll
windows7-x64
1Qt6Core5Compat.dll
windows10-2004-x64
1Qt6DBus.dll
windows7-x64
1Qt6DBus.dll
windows10-2004-x64
1Qt6Gui.dll
windows7-x64
1Qt6Gui.dll
windows10-2004-x64
1Qt6Network.dll
windows7-x64
1Qt6Network.dll
windows10-2004-x64
1Qt6PrintSupport.dll
windows7-x64
1Qt6PrintSupport.dll
windows10-2004-x64
1Qt6Qml.dll
windows7-x64
1Qt6Qml.dll
windows10-2004-x64
1Qt6QmlCore.dll
windows7-x64
1Qt6QmlCore.dll
windows10-2004-x64
1Qt6Svg.dll
windows7-x64
1Qt6Svg.dll
windows10-2004-x64
1Qt6Widgets.dll
windows7-x64
1Qt6Widgets.dll
windows10-2004-x64
1Qt6Xml.dll
windows7-x64
1Qt6Xml.dll
windows10-2004-x64
1TexTablet/...ib.dll
windows7-x64
1Analysis
-
max time kernel
446s -
max time network
456s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
14/03/2024, 18:34
Static task
static1
Behavioral task
behavioral1
Sample
texstudio-4.7.3-win-qt6.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
texstudio-4.7.3-win-qt6.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
D3Dcompiler_47.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral8
Sample
Qt6Concurrent.dll
Resource
win7-20240221-en
Behavioral task
behavioral9
Sample
Qt6Concurrent.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral10
Sample
Qt6Core.dll
Resource
win7-20240215-en
Behavioral task
behavioral11
Sample
Qt6Core.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral12
Sample
Qt6Core5Compat.dll
Resource
win7-20240220-en
Behavioral task
behavioral13
Sample
Qt6Core5Compat.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral14
Sample
Qt6DBus.dll
Resource
win7-20240221-en
Behavioral task
behavioral15
Sample
Qt6DBus.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral16
Sample
Qt6Gui.dll
Resource
win7-20240221-en
Behavioral task
behavioral17
Sample
Qt6Gui.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral18
Sample
Qt6Network.dll
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
Qt6Network.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral20
Sample
Qt6PrintSupport.dll
Resource
win7-20240215-en
Behavioral task
behavioral21
Sample
Qt6PrintSupport.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral22
Sample
Qt6Qml.dll
Resource
win7-20231129-en
Behavioral task
behavioral23
Sample
Qt6Qml.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral24
Sample
Qt6QmlCore.dll
Resource
win7-20240221-en
Behavioral task
behavioral25
Sample
Qt6QmlCore.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral26
Sample
Qt6Svg.dll
Resource
win7-20240220-en
Behavioral task
behavioral27
Sample
Qt6Svg.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral28
Sample
Qt6Widgets.dll
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
Qt6Widgets.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral30
Sample
Qt6Xml.dll
Resource
win7-20240220-en
Behavioral task
behavioral31
Sample
Qt6Xml.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral32
Sample
TexTablet/Interop.micautLib.dll
Resource
win7-20240220-en
General
-
Target
Qt6PrintSupport.dll
-
Size
439KB
-
MD5
43aded4fef09d8045443d0cb210608a1
-
SHA1
d4361d0c7d2d2872d550820ce747cc2408da1592
-
SHA256
23a766b478dc183357aa8dfbc7ed0978b80d7bbc1f361c5c56e74ef56dca80c3
-
SHA512
031423f32a5f67d37e8a74aca0f112f6c35fa00584894ffbe9758898910ddd1e3e9a71135c83d67d07c40066b2aa7224caf87f4a4082699cdafa55894838f795
-
SSDEEP
6144:an9rl8hs82cV2FbfFcOyopexa3alyT5H/uns63l7RCSLRSASc:a9rlGoI2VfcznRR0AH
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeManageVolumePrivilege 2676 svchost.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Qt6PrintSupport.dll,#11⤵PID:2244
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵PID:3952
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2676