Overview

overview

3

Static

static

3

InputRedir...Qt.exe

windows10-1703-x64

3

Qt5Core.dll

windows10-1703-x64

3

Qt5Gamepad.dll

windows10-1703-x64

3

Qt5Gui.dll

windows10-1703-x64

3

Qt5Network.dll

windows10-1703-x64

3

Qt5Svg.dll

windows10-1703-x64

3

Qt5Widgets.dll

windows10-1703-x64

3

gamepads/x...ad.dll

windows10-1703-x64

3

gamepads/x...dd.dll

windows10-1703-x64

3

libgcc_s_dw2-1.dll

windows10-1703-x64

3

libstdc++-6.dll

windows10-1703-x64

3

libwinpthread-1.dll

windows10-1703-x64

3

platforms/...ws.dll

windows10-1703-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    137s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04/09/2024, 16:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Qt5Core.dll

  • Size

    5.2MB

  • MD5

    d865697f9deefeed3f0e8d4678dc34b2

  • SHA1

    41db3b6d2740f16ddecbc13cf962b36eff77407b

  • SHA256

    65e794e80c6bf5feab7836e45a767245f655fdfb94d67e9185552544b40b69ff

  • SHA512

    94d4cd9762917503ba1c39055e01df0fdf2597774b01ee2e2b81dba55381504c422ab9b450b606108a3ee45fe77912adce0a5b4997ea0cd486abb0cb48f30abc

  • SSDEEP

    98304:LDswi3vP/y18NeeMIHKWOxWe0Z0mK9hkm70EoQLafQJsv6tWKFdu9Chl4zE:XswhI4xWbZEzOEJsv6tWKFdu9ChK

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Qt5Core.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Qt5Core.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3644
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 684
        3⤵
        • Program crash
        PID:4108

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3644-4-0x0000000068A81000-0x0000000068D28000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3644-8-0x0000000064B40000-0x0000000064B5B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/3644-7-0x000000006FE40000-0x000000006FFBE000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3644-6-0x000000006EB40000-0x000000006EB64000-memory.dmp

    Filesize

    144KB

    Download

  • memory/3644-5-0x0000000068A80000-0x0000000068FB5000-memory.dmp

    Filesize

    5.2MB

    Download