Overview

overview

7

Static

static

3

infected/QtCore4.dll

windows10-ltsc 2021-x64

3

infected/QtGui4.dll

windows10-ltsc 2021-x64

3

infected/Q...k4.dll

windows10-ltsc 2021-x64

3

infected/Q...t4.dll

windows10-ltsc 2021-x64

3

infected/Setup.exe

windows10-ltsc 2021-x64

7

infected/a...-1.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/a...-0.dll

windows10-ltsc 2021-x64

1

infected/msvcp100.dll

windows10-ltsc 2021-x64

3

infected/msvcr100.dll

windows10-ltsc 2021-x64

3

infected/nvdisps.dll

windows10-ltsc 2021-x64

5

infected/nvdispsr.dll

windows10-ltsc 2021-x64

1

infected/n...32.dll

windows10-ltsc 2021-x64

3

infected/t...64.dll

windows10-ltsc 2021-x64

1

infected/t...ts.dll

windows10-ltsc 2021-x64

1

Resubmissions

08-11-2024 01:13

241108-blevks1lgs 10

08-11-2024 00:57

241108-ba4dsstqfn 10

07-11-2024 19:15

241107-xypq7sznbk 7

Analysis

  • max time kernel
    96s
  • max time network
    139s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    07-11-2024 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    infected/QtNetwork4.dll

  • Size

    1.0MB

  • MD5

    8a2e025fd3ddd56c8e4f63416e46e2ec

  • SHA1

    5f58feb11e84aa41d5548f5a30fc758221e9dd64

  • SHA256

    52ae07d1d6a467283055a3512d655b6a43a42767024e57279784701206d97003

  • SHA512

    8e3a449163e775dc000e9674bca81ffabc7fecd9278da5a40659620cfc9cc07f50cc29341e74176fe10717b2a12ea3d5148d1ffc906bc809b1cd5c8c59de7ba1

  • SSDEEP

    12288:m+PpRNPe4+DZFvnwJ9o+Hllp59K03AskvvukLosiLHrv7F0YmIYunuGS:m+hRCZhwY+Hllp59OHvfo7HrCYmItnC

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\infected\QtNetwork4.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1080
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\infected\QtNetwork4.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1892
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 656
        3⤵
        • Program crash
        PID:1128
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1892 -ip 1892
    1⤵
      PID:3064

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads