8158b4de47dd7444b61c7769abc1bb9722c06fc75020984fb1b0171e61a1b058

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 18:13

Target

2024-05-23_986d2770ca283ab0cf73f4cf6fc6ce9f_mafia_qakbot.exe
Size

980KB
MD5

986d2770ca283ab0cf73f4cf6fc6ce9f
SHA1

08556512511b46c3da79cbe9ef85ee0d0a85f71a
SHA256

8158b4de47dd7444b61c7769abc1bb9722c06fc75020984fb1b0171e61a1b058
SHA512

29f058e1167887d25ad1bbca7a61d984e1922630288152669c4ab3bee7862a491ed5478b54cd196008ca201949a4b8470eaa51ac17d620db7434e3dfe8593b30
SSDEEP

24576:K57KtTMTtWN/C6h+xRPYpfn5Be4kgqfqlfiiZO:O7KEmClgxn/e4kaf

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2996 292 WerFault.exe 2024-05-23_986d2770ca283ab0cf73f4cf6fc6ce9f_mafia_qakbot.exe

pid	pid_target	process	target process
2996	292	WerFault.exe	2024-05-23_986d2770ca283ab0cf73f4cf6fc6ce9f_mafia_qakbot.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2024-05-23_986d2770ca283ab0cf73f4cf6fc6ce9f_mafia_qakbot.exe

description	pid	process	target process
PID 292 wrote to memory of 2996	292	2024-05-23_986d2770ca283ab0cf73f4cf6fc6ce9f_mafia_qakbot.exe	WerFault.exe
PID 292 wrote to memory of 2996	292	2024-05-23_986d2770ca283ab0cf73f4cf6fc6ce9f_mafia_qakbot.exe	WerFault.exe
PID 292 wrote to memory of 2996	292	2024-05-23_986d2770ca283ab0cf73f4cf6fc6ce9f_mafia_qakbot.exe	WerFault.exe
PID 292 wrote to memory of 2996	292	2024-05-23_986d2770ca283ab0cf73f4cf6fc6ce9f_mafia_qakbot.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-23_986d2770ca283ab0cf73f4cf6fc6ce9f_mafia_qakbot.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-23_986d2770ca283ab0cf73f4cf6fc6ce9f_mafia_qakbot.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 36
2⤵
- Program crash
PID:2996

memory/292-2-0x0000000001331000-0x00000000013C5000-memory.dmp

Filesize
592KB

Download
memory/292-0-0x0000000001330000-0x0000000001434000-memory.dmp

Filesize
1.0MB

Download
memory/292-1-0x0000000001330000-0x0000000001434000-memory.dmp

Filesize
1.0MB

Download
memory/292-3-0x0000000001330000-0x0000000001434000-memory.dmp

Filesize
1.0MB

Download
memory/292-4-0x0000000001331000-0x00000000013C5000-memory.dmp

Filesize
592KB

Download