87a559aed5a8f9b9bff640ad19eda0e85b31577a4f4a3a7b1464fa766b9b011a | Triage

Analysis

max time kernel
11s
max time network
20s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 00:33

Sharing

Report Analysis Logs

General

Target

release/x64/Qt5Core.dll
Size

5.3MB
MD5

2f997eb6ba34065496cb088f1489aebb
SHA1

29fd1c8a3e71cfbc49c9f160dce2749cecaf0cb6
SHA256

7a4cb4ced60598ed0a4f31dfdc01a8019df5cca6cbbfd3ec7f629edd99db6007
SHA512

4b1fd309cae1205bd3eff3b48b21893a20211356779b29c9f7739bbe6eabfa3e83e256e8406aa0af0b223b1376ec139e9605a0451359c0cccd21d3360477c233
SSDEEP

98304:4WcwN5Gs2OJsv6tWKFdu9CwCGNcqCWHfUr:4WcwN5GspJsv6tWKFdu9CwLNcqCWHfA

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 1832	2304	rundll32.exe	30
PID 2304 wrote to memory of 1832	2304	rundll32.exe	30
PID 2304 wrote to memory of 1832	2304	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\release\x64\Qt5Core.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2304 -s 172
  2⤵
  PID:1832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads