Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

12094a47a9...05.dll

windows7-x64

10

12094a47a9...05.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/10/2024, 11:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12094a47a9659b1c2f7c5b36e21d2b0145c9e7b2e79845a437508efa96e5f305.dll

  • Size

    898KB

  • MD5

    88bbf2a743baaf81f7a312be61f90d76

  • SHA1

    3719aabc29d5eb58d5d2d2a37066047c67bfc2c6

  • SHA256

    12094a47a9659b1c2f7c5b36e21d2b0145c9e7b2e79845a437508efa96e5f305

  • SHA512

    b01f955eb5f840e01f1f65d5f19c0963e155b1f8d03b4e0720eccbd397cc9aee9a19a63000719e3cf8f580573a335bd61f39fe1261f44e1d5371a9c695b60b70

  • SSDEEP

    24576:qTm4c0TXhxdmVQGn88R7XM3Ljluc9KEaJqCjh0LmK8:6jP8Q13LjluSrCj+q/

Score
10/10
qakbottchk071702975817bankerstealertrojan

Malware Config

Extracted

Family

qakbot

Botnet

tchk07

Campaign

1702975817

C2

116.203.56.11:443

109.107.181.8:443
Attributes
  • camp_date

    2023-12-19 08:50:17 +0000 UTC

Signatures

  • Detect Qakbot Payload 13 IoCs
  • Qakbot/Qbot

    Qbot or Qakbot is a sophisticated worm with banking capabilities.

    trojanbankerstealerqakbot
  • Modifies registry class 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\12094a47a9659b1c2f7c5b36e21d2b0145c9e7b2e79845a437508efa96e5f305.dll,#1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Windows\System32\wermgr.exe
      C:\Windows\System32\wermgr.exe
      2⤵
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1688-14-0x00000156887F0000-0x000001568881E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1688-0-0x0000015686FF0000-0x000001568701F000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1688-6-0x00000156887F0000-0x000001568881E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1688-4-0x0000015686FC0000-0x0000015686FED000-memory.dmp

    Filesize

    180KB

    Download

  • memory/1688-5-0x00000156887F0000-0x000001568881E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2044-28-0x0000026DA5590000-0x0000026DA55BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2044-24-0x0000026DA5590000-0x0000026DA55BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2044-8-0x0000026DA5590000-0x0000026DA55BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2044-7-0x0000026DA55C0000-0x0000026DA55C2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2044-27-0x0000026DA5590000-0x0000026DA55BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2044-26-0x0000026DA5590000-0x0000026DA55BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2044-25-0x0000026DA5590000-0x0000026DA55BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2044-15-0x0000026DA5590000-0x0000026DA55BE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2044-30-0x0000026DA5590000-0x0000026DA55BE000-memory.dmp

    Filesize

    184KB

    Download