141210c44985763433ffb2fa35adab039d3d524a3b0851af655af8f0ac3280f1 | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 20:45

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/qzpwo.dll
Size

152KB
MD5

9980000e7a606aa5ed006157d5b720b4
SHA1

7fefa3efb773296095821c2c7f01eee6ee485299
SHA256

b2fec8da2015c6eb860a39efe74a296f9a1a5eaa19b3db04b9eabe1174253ccf
SHA512

81c81b0ffce2ff34523053a668b29841b9c2a23d98c32caa5884409a6f8f2d25afd69fc522b7416d85a600f165a1be43001ef4164a11d58afd9740fc11fb4311
SSDEEP

3072:Gj9t6F0XY0MpiO5YvJq7rVC2+FG/3s0G2/N:yDM0Kp73MGx/N

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2024	1664	rundll32.exe	28
PID 1664 wrote to memory of 2024	1664	rundll32.exe	28
PID 1664 wrote to memory of 2024	1664	rundll32.exe	28
PID 1664 wrote to memory of 2024	1664	rundll32.exe	28
PID 1664 wrote to memory of 2024	1664	rundll32.exe	28
PID 1664 wrote to memory of 2024	1664	rundll32.exe	28
PID 1664 wrote to memory of 2024	1664	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\qzpwo.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\qzpwo.dll,#1
  2⤵
  PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads