Analysis
- max time kernel: 118s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
- submitted: 12/06/2024, 18:29
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2024-06-12_1e7c92f7340770d3d18a9bbefedfb0ed_magniber_qakbot.exe
Resource
win7-20240508-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-06-12_1e7c92f7340770d3d18a9bbefedfb0ed_magniber_qakbot.exe
Resource
win10v2004-20240611-en
0 signatures
150 seconds
General
- Target: 2024-06-12_1e7c92f7340770d3d18a9bbefedfb0ed_magniber_qakbot.exe
- Size: 4.3MB
- MD5: 1e7c92f7340770d3d18a9bbefedfb0ed
- SHA1: 44d672ab84fc59847446be168eae6726fcfb8434
- SHA256: e386bcfa76e308f34ebe856442023d748e64704effdf32a01a115d340212eb0d
- SHA512: bf9c0b3f431665077cd6fb049872a9a25c5a40c4f52c74e3b739160b95aa9d1b46ae9d744d9f9c9227afb8a9a24d6a2a1ce78753835b5c47e66e6ba52d45c983
- SSDEEP: 98304:0bgwm93udfvBtp0vPjT/KFdGRv/SrbeJo7Pa:Itm81pjWfEfbe27Pa
Score
3/10
Malware Config
Signatures
- Program crash 1 IoCs
  pid | pid_target | Process | procid_target
  2008 | 3056 | WerFault.exe | 27
- Suspicious use of WriteProcessMemory 4 IoCs
  description | pid | Process | procid_target
  PID 3056 wrote to memory of 2008 | 3056 | 2024-06-12_1e7c92f7340770d3d18a9bbefedfb0ed_magniber_qakbot.exe | 28
  PID 3056 wrote to memory of 2008 | 3056 | 2024-06-12_1e7c92f7340770d3d18a9bbefedfb0ed_magniber_qakbot.exe | 28
  PID 3056 wrote to memory of 2008 | 3056 | 2024-06-12_1e7c92f7340770d3d18a9bbefedfb0ed_magniber_qakbot.exe | 28
  PID 3056 wrote to memory of 2008 | 3056 | 2024-06-12_1e7c92f7340770d3d18a9bbefedfb0ed_magniber_qakbot.exe | 28
Processes
- C:\Users\Admin\AppData\Local\Temp\2024-06-12_1e7c92f7340770d3d18a9bbefedfb0ed_magniber_qakbot.exe
  "C:\Users\Admin\AppData\Local\Temp\2024-06-12_1e7c92f7340770d3d18a9bbefedfb0ed_magniber_qakbot.exe"
  - Suspicious use of WriteProcessMemory
  PID:3056
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 180
    - Program crash
    PID:2008