f62712e793e7109552e2cb9c1a57c269be95eb4be1226c5d5ea481229d513ebb | Triage

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-06-2024 10:33

Sharing

Report Analysis Logs

General

Target

$PLUGINSDIR/imageformats/qico.dll
Size

30KB
MD5

10c535fcfca304afb59a8c491349426f
SHA1

7a53485cde15e7212814a49b1e8f84d90fc9573a
SHA256

a4a9d2dbb549b62c615e514d4aad75298e8342ab90b7f30ae163f064654a1299
SHA512

6c4fb8592a1f3cb6dbba02a23787d8d782aaf9c227db141aa846e908dccb0b584cd32d6daa0f8dbe12a6803eaf41b8e36c33a558461006d52abe512f51420bde
SSDEEP

768:BDEf5w/XL51zsrTLNoaoV3DOIAsmOqtmzLtS:a5w/b51zkmaoV3DOIAsmOqIXtS

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2484 wrote to memory of 2692	2484	rundll32.exe	rundll32.exe
PID 2484 wrote to memory of 2692	2484	rundll32.exe	rundll32.exe
PID 2484 wrote to memory of 2692	2484	rundll32.exe	rundll32.exe
PID 2484 wrote to memory of 2692	2484	rundll32.exe	rundll32.exe
PID 2484 wrote to memory of 2692	2484	rundll32.exe	rundll32.exe
PID 2484 wrote to memory of 2692	2484	rundll32.exe	rundll32.exe
PID 2484 wrote to memory of 2692	2484	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\imageformats\qico.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2484

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\imageformats\qico.dll,#1
2⤵
PID:2692

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...