6a1bdfae4f1a8518dabad69c758c063e36298151a4f8c9b5ce0d7fedceafaf53 | Triage

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 21:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

QtGui4.dll
Size

9.4MB
MD5

0363083a10109db2751992797695bafe
SHA1

f50056ecfd91c30fe60286e0f3670018a0d826a3
SHA256

d02d307d5ac5d97f94bfae05af21a341a3be1eff753a7761f9ca4755a3a9b76e
SHA512

50b7230f08432b3b3b06a17c1ef2769b9dbf4a635e8e5a1ec534684c7f24c3dc8e024bd0dd08c7da65cf1462740ce73313d850f882681c1df2d126dcbe8ba522
SSDEEP

196608:DzEoEVcj7XNbn9A7JO/amnynDIeXceR5MPrLh15dQ0j81az7lwh8/e1CSBEBN+tW:s8X1yDBKz7u4YBEBN+M8V

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 4504	1076	rundll32.exe	84
PID 1076 wrote to memory of 4504	1076	rundll32.exe	84
PID 1076 wrote to memory of 4504	1076	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\QtGui4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\QtGui4.dll,#1
  2⤵
  PID:4504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads