9b1becaae353cfed426aac596fdaee9a343dffbdae42e3be55f245cd16be4b6a | Triage

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 11:27

Sharing

Report Analysis Logs

General

Target

BQQApplication.dll
Size

112KB
MD5

8fae27c85de02113f625e09594f416ba
SHA1

2846a9ce6d37ae6ec2dfbf7e7dbe5deb2de7c42f
SHA256

41614db30eaf779a8e4649f06a839a3114b13afe77c02e1937b0b913a2f05d9f
SHA512

9d3594e0dbe062660a72cb4a168d2e1a78895ad488ea1c04dfb7c89c1e02d71e5dd3405a479c2f2568ffe400fe13a3137d141d1a4ddd3a5bf4926afc0f6af08f
SSDEEP

1536:4fdGExRBPcFhbbhn3xq5vpeJkMb74Gfx0Oh9PDc4lh6pFCH9nnc:hORZubmKum74Gf51Dc4lh6pu+

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2936 wrote to memory of 1744	2936	regsvr32.exe	regsvr32.exe
PID 2936 wrote to memory of 1744	2936	regsvr32.exe	regsvr32.exe
PID 2936 wrote to memory of 1744	2936	regsvr32.exe	regsvr32.exe
PID 2936 wrote to memory of 1744	2936	regsvr32.exe	regsvr32.exe
PID 2936 wrote to memory of 1744	2936	regsvr32.exe	regsvr32.exe
PID 2936 wrote to memory of 1744	2936	regsvr32.exe	regsvr32.exe
PID 2936 wrote to memory of 1744	2936	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\BQQApplication.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2936

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\BQQApplication.dll
2⤵
PID:1744

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-0-0x0000000000250000-0x00000000002D2000-memory.dmp

Filesize
520KB

Download