Overview

overview

10

Static

static

3

qrspoofer.exe

windows7-x64

7

qrspoofer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2024, 15:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    qrspoofer.exe

  • Size

    12.5MB

  • MD5

    416f978b32c00b2d8ab65eca1aab3f6e

  • SHA1

    e0869f684b5fb07f2aac11520117d01c28991379

  • SHA256

    fbf37eec3f7bae65dd29f9fda29d53ed689869b9486106c3a65511094a1304e0

  • SHA512

    987b50db51b142a4c4feaa657beaaa124f4169ff623ee533b5aa5e6fea281cde872a1e0c5e82ceff6e41290a978be8dd6b39cb719a519f44c6270a162e2ec8c5

  • SSDEEP

    196608:uUPFeR2UqZt/TLx4hz7DIxyOwfI9jsC8XMvH8zPjweqpZ0chXcMwQjeVFcXKgzwy:ztecTGz7k2In8XgHqSq+cMgqDsEG5

Score
7/10
upx

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\qrspoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\qrspoofer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Users\Admin\AppData\Local\Temp\qrspoofer.exe
      "C:\Users\Admin\AppData\Local\Temp\qrspoofer.exe"
      2⤵
      • Loads dropped DLL
      PID:2940

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI17002\python312.dll
          Filesize

          1.7MB

          MD5

          a37c6b85c5682a63123fd7082a655326

          SHA1

          1ce7ced2379c25babaad75502c25e1d221b0fd54

          SHA256

          0992a1d6c8d44588ff187b66eff3e813f2bd85972ac51adf2ad66c1591a6146a

          SHA512

          d8014663d1fe8aee022773565fd59796f3cde4eed6ccc94b0e3177e8764fc5b4527a4cfaad50cc8a29f94b47dc2d1b3e697783bb167b37727a687c365144311e

          Download Submit

        • memory/2940-63-0x000007FEF5DB0000-0x000007FEF6472000-memory.dmp

          Filesize

          6.8MB

          Download