ebb59161759ac7e1a5c5b58f4eac53013778d1d39a5be4979c099a80c7f0bc55 | Triage

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 18:09

Sharing

Report Analysis Logs

General

Target

archive/appsremote/qtiff.dll
Size

314KB
MD5

756d047a93d72771578286e621585ed2
SHA1

313add1e91a21648f766aaa643350bec18ec5b5d
SHA256

f9ebf4c98c1e0179cd76a1985386928fdb9e6f459e2238ed5530d160df4f0923
SHA512

67fa91f266f0030ca0695f1c7964ee4d1c1447413420d0379eca62d54cc9d6cd0706df62da0043259b563e95a9c3a5c7ef0e0baacb36cafed5c9fcb1a3954aca
SSDEEP

6144:kRfirNO3cCAolH6NdXv1+74AvPY6am60rvTW:kRsEgolH89+R2

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1420	956	rundll32.exe	84
PID 956 wrote to memory of 1420	956	rundll32.exe	84
PID 956 wrote to memory of 1420	956	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\archive\appsremote\qtiff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\archive\appsremote\qtiff.dll,#1
  2⤵
  PID:1420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads