Overview

overview

7

Static

static

3

qbittorren...up.exe

windows7-x64

7

qbittorren...up.exe

windows10-2004-x64

7

translations/qt_sl.qm

windows7-x64

3

translations/qt_sl.qm

windows10-2004-x64

3

translations/qt_sv.qm

windows7-x64

3

translations/qt_sv.qm

windows10-2004-x64

3

translatio..._ar.qm

windows7-x64

3

translatio..._ar.qm

windows10-2004-x64

3

translatio..._bg.qm

windows7-x64

3

translatio..._bg.qm

windows10-2004-x64

3

translatio..._ca.qm

windows7-x64

3

translatio..._ca.qm

windows10-2004-x64

3

translatio..._cs.qm

windows7-x64

3

translatio..._cs.qm

windows10-2004-x64

3

translatio..._da.qm

windows7-x64

3

translatio..._da.qm

windows10-2004-x64

3

translatio..._de.qm

windows7-x64

3

translatio..._de.qm

windows10-2004-x64

3

translatio..._es.qm

windows7-x64

3

translatio..._es.qm

windows10-2004-x64

3

translatio..._fa.qm

windows7-x64

3

translatio..._fa.qm

windows10-2004-x64

3

translatio..._fi.qm

windows7-x64

3

translatio..._fi.qm

windows10-2004-x64

3

translatio..._fr.qm

windows7-x64

3

translatio..._fr.qm

windows10-2004-x64

3

translatio..._gd.qm

windows7-x64

3

translatio..._gd.qm

windows10-2004-x64

3

translatio..._he.qm

windows7-x64

3

translatio..._he.qm

windows10-2004-x64

3

translatio..._hr.qm

windows7-x64

3

translatio..._hr.qm

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    01-05-2024 19:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    translations/qtbase_fi.qm

  • Size

    175KB

  • MD5

    8472cf0bf6c659177ad45aa9e3a3247c

  • SHA1

    7b5313cda126bb7863001499fb66fb1b56c255fc

  • SHA256

    e47fe13713e184d07fa4495dde0c589b0e8f562e91574a3558a9363443a4fa72

  • SHA512

    de36a1f033bd7a4d6475681edc93cc7b0b5dcb6a7051831f2ee6f397c971b843e1c10b66c4fb2eff2a23dc07433e80fbf7b95e62c5b93e121ab5ad88354d9cb8

  • SSDEEP

    3072:lvdTgO2Yl97ZWnbgTLt/Tf9IlqAeiy5uWkYGM0wNCdRjSK2YUlUs:lvdkA9vh5uWkY0MK2YXs

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\translations\qtbase_fi.qm
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\translations\qtbase_fi.qm
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\translations\qtbase_fi.qm"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    a7cf7f13cd074035f15fa3b97179336d

    SHA1

    6e5d759483abbad3550d5b2e9bd3e6a4582176bb

    SHA256

    e46af0c4e2d8f8f46698bee7acf1288ae9d3b33b7b77445b522ed1560d68604c

    SHA512

    2897a93b569629b0369d2ed05352accd3da3054064209b6320ed1bf3264a72624e419c04ce2cc0b2f61a6c0c3f239960644b302f2a17d7c8920a8c48ae2d3700

    Download Submit