Overview

overview

6

Static

static

6

499ce7e26f...9a.exe

windows7-x64

4

499ce7e26f...9a.exe

windows10-2004-x64

4

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

PanoramaSt...ch.pdf

windows7-x64

3

PanoramaSt...ch.pdf

windows10-2004-x64

3

PanoramaSt...al.pdf

windows7-x64

3

PanoramaSt...al.pdf

windows10-2004-x64

3

PanoramaSt...ro.exe

windows7-x64

1

PanoramaSt...ro.exe

windows10-2004-x64

1

Qt5CoreR.dll

windows7-x64

1

Qt5CoreR.dll

windows10-2004-x64

1

Qt5GuiR.dll

windows7-x64

1

Qt5GuiR.dll

windows10-2004-x64

1

Qt5NetworkR.dll

windows7-x64

1

Qt5NetworkR.dll

windows10-2004-x64

1

Qt5PrintSupportR.dll

windows7-x64

1

Qt5PrintSupportR.dll

windows10-2004-x64

1

Qt5SvgR.dll

windows7-x64

1

Qt5SvgR.dll

windows10-2004-x64

1

Qt5WidgetsR.dll

windows7-x64

1

Qt5WidgetsR.dll

windows10-2004-x64

1

concrt140.dll

windows7-x64

1

concrt140.dll

windows10-2004-x64

1

filters.dll

windows7-x64

1

filters.dll

windows10-2004-x64

1

msvcp140.dll

windows7-x64

1

msvcp140.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 09:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Qt5PrintSupportR.dll

  • Size

    311KB

  • MD5

    bd174656911868cd58131f2d3094107d

  • SHA1

    279aa1ed8a62cb77bb905794eb17a10ac9057825

  • SHA256

    e8798836750e3336be35597f338d785c70c34a1a4da7f8ae560c7e0ec832b689

  • SHA512

    a7d0c052c5b2a858d8d7447c19d9bf9ccaef86b91e0a34a7c6c25afc28bb045ed5b2555faef1f2864a547b2d987a75289a7b2fae798fb6bb9426e75fa6361019

  • SSDEEP

    6144:eXTRn2+gG9l6+6pIFSgz+5RcyjVuFFhSvuFri2BlnZ24pNsfjoJz2RWh:eXMhGL6+Xz+5RcyjVuFFhSvuFri2Blnu

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Qt5PrintSupportR.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2068
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2068 -s 272
      2⤵
        PID:840

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2068-0-0x000007FEF68D0000-0x000007FEF6E23000-memory.dmp

      Filesize

      5.3MB

      Download