Overview
overview
5Static
static
3QtCore4.dll
windows11-21h2-x64
3QtGui4.dll
windows11-21h2-x64
3QtNetwork4.dll
windows11-21h2-x64
3QtWebKit4.dll
windows11-21h2-x64
3msvcp100.dll
windows11-21h2-x64
3msvcr100.dll
windows11-21h2-x64
3qLauncher.exe
windows11-21h2-x64
5sewtei
windows11-21h2-x64
1ygyg
windows11-21h2-x64
1Analysis
-
max time kernel
92s -
max time network
208s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system -
submitted
03-12-2024 15:01
Static task
static1
Behavioral task
behavioral1
Sample
QtCore4.dll
Resource
win11-20241007-en
Behavioral task
behavioral2
Sample
QtGui4.dll
Resource
win11-20241007-en
Behavioral task
behavioral3
Sample
QtNetwork4.dll
Resource
win11-20241007-en
Behavioral task
behavioral4
Sample
QtWebKit4.dll
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
msvcp100.dll
Resource
win11-20241007-en
Behavioral task
behavioral6
Sample
msvcr100.dll
Resource
win11-20241007-en
Behavioral task
behavioral7
Sample
qLauncher.exe
Resource
win11-20241007-en
Behavioral task
behavioral8
Sample
sewtei
Resource
win11-20241023-en
Behavioral task
behavioral9
Sample
ygyg
Resource
win11-20241007-en
General
-
Target
QtWebKit4.dll
-
Size
13.6MB
-
MD5
e0a37166000dcdcf457f3c0f5286b263
-
SHA1
c0cb19abaf804a51455ed03f11307fa9729b414a
-
SHA256
5e0a309d359506399410540e3a56bded9e002981dbe2fb15fd5e40fd7267f70a
-
SHA512
18d863fb7081e79fdd040be41067958c25d227ff69532b7febac6e73147bbcad8bbdc986bc5de7fce1bee2b755a9c16758e672275a4888cab420509ea85ba0b3
-
SSDEEP
393216:CiPRm2UlXMYFNDfr9lPLdw3VRkXXsSBZrk9v2z0pOQ:CMJe8YFVhlOF2V3rQe0pOQ
Malware Config
Signatures
-
Program crash 2 IoCs
Processes:
WerFault.exeWerFault.exepid pid_target Process procid_target 1288 1564 WerFault.exe 77 4332 1564 WerFault.exe 77 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
rundll32.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
rundll32.exepid Process 1564 rundll32.exe 1564 rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid Process procid_target PID 1164 wrote to memory of 1564 1164 rundll32.exe 77 PID 1164 wrote to memory of 1564 1164 rundll32.exe 77 PID 1164 wrote to memory of 1564 1164 rundll32.exe 77
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\QtWebKit4.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1164 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\QtWebKit4.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1564 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 5923⤵
- Program crash
PID:1288
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 6323⤵
- Program crash
PID:4332
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1564 -ip 15641⤵PID:3188
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1564 -ip 15641⤵PID:4048