Analysis
-
max time kernel
119s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
12-09-2024 09:05
General
-
Target
Tools/rdp/RDP Forcer 1.5/KPortScan 3.0/KPortScan 3.0/QtNetwork4.dll
-
Size
982KB
-
MD5
5c6afae60414546cef0a9b759da93912
-
SHA1
928aba35960a17b9ee3a3e2f2f890b8aa6842e6b
-
SHA256
99757ec661fd7de3b22fb641f25cf1565aae13daf8d31c6686c6c7cbd2be6fc9
-
SHA512
bbd7aae541c5677317f68472c4be008164909f6395c43e554c4b070fb398ec680f496505644de0a706f831bc850e770c60c699d5aa0d5a7e0e19c5fc48e5c727
-
SSDEEP
12288:BQ4LHoNwBkUx/0RpieLY+EZ8R2/hGT/YOt2ck/qTpQ39NM7LMi7nR4djiz0R6H2j:zr/k60RpizZ83/T6CTeNuMwR4djip8L
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Tools\rdp\RDP Forcer 1.5\KPortScan 3.0\KPortScan 3.0\QtNetwork4.dll",#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Tools\rdp\RDP Forcer 1.5\KPortScan 3.0\KPortScan 3.0\QtNetwork4.dll",#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 2363⤵
- Program crash