Overview

overview

3

Static

static

3

2024-05-22...ot.exe

windows7-x64

3

2024-05-22...ot.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    130s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 10:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-05-22_413354461c4acb649fcf4d3c63379f67_mafia_qakbot.exe

  • Size

    977KB

  • MD5

    413354461c4acb649fcf4d3c63379f67

  • SHA1

    05a0839a369446a5d0a60e0a0925806a1253b6af

  • SHA256

    9961a41d7d9601fee2386de2de3c0dfb76e3f932bb276672f746941da2880d41

  • SHA512

    2f46cd453e9f9c9682eda0095299fa2ef083e61a07960b485b0f0a1157863538b8c346f99cf0a945068ddbe928e815f5f69301bdd6c8122bd70423dcbe0f927a

  • SSDEEP

    24576:FWjlKSFlYiG5F/hEopaW4+E4gFOIpO2asqGW:FWjlVBIQo8L4gFrhq5

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-22_413354461c4acb649fcf4d3c63379f67_mafia_qakbot.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-22_413354461c4acb649fcf4d3c63379f67_mafia_qakbot.exe"
    1⤵
      PID:1516
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 220
        2⤵
        • Program crash
        PID:3268
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1516 -ip 1516
      1⤵
        PID:624

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1516-0-0x0000000000D20000-0x0000000000E22000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/1516-2-0x0000000000D20000-0x0000000000E22000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/1516-1-0x0000000000D20000-0x0000000000E22000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/1516-3-0x0000000000D21000-0x0000000000DB4000-memory.dmp

        Filesize

        588KB

        Download