Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/04/2024, 13:06

General

  • Target

    $PLUGINSDIR/qwnsvqk.dll

  • Size

    153KB

  • MD5

    4b2b62200064fb33645fad836e97cb5a

  • SHA1

    b05a1a2a650d3a9e1a64df9cda6d11034ea1a408

  • SHA256

    1d9330f221b623a1c0ca5bb539776c6c50d410ff7a89ac9ab8906e5d1e6aad94

  • SHA512

    beea8772f6022a82c94b5246c4c9fe1ca030652f29825a2cca9df05b2c0b51d8b2fc38391275c7a5d0e3c29c4a707554aea89aa09b6eec5db19326f0ff7408d0

  • SSDEEP

    1536:GZ19ei7ByCo4wqiUGPU0Zsu0IXfBUhiOz2FDvf8W/j4A8Xmna/YBUosCC+X+TcHa:G0X+sJAa5/0A8Kagzv+WG/nsg6Zi

Score
3/10

Malware Config

Signatures

  • Program crash (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\qwnsvqk.dll,#1
    PID: 4956
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\qwnsvqk.dll,#1
      PID: 4536
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 608
        PID: 1080
        • Program crash
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4536 -ip 4536
    PID: 4664

Network

MITRE ATT&CK Matrix
