Analysis

  • max time kernel
    92s
  • max time network
    208s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    03-12-2024 15:01

General

  • Target

    QtWebKit4.dll

  • Size

    13.6MB

  • MD5

    e0a37166000dcdcf457f3c0f5286b263

  • SHA1

    c0cb19abaf804a51455ed03f11307fa9729b414a

  • SHA256

    5e0a309d359506399410540e3a56bded9e002981dbe2fb15fd5e40fd7267f70a

  • SHA512

    18d863fb7081e79fdd040be41067958c25d227ff69532b7febac6e73147bbcad8bbdc986bc5de7fce1bee2b755a9c16758e672275a4888cab420509ea85ba0b3

  • SSDEEP

    393216:CiPRm2UlXMYFNDfr9lPLdw3VRkXXsSBZrk9v2z0pOQ:CMJe8YFVhlOF2V3rQe0pOQ

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\QtWebKit4.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1164
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\QtWebKit4.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1564
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 592
        3⤵
        • Program crash
        PID:1288
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 632
        3⤵
        • Program crash
        PID:4332
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1564 -ip 1564
    1⤵
    PID:3188
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1564 -ip 1564
    1⤵
    PID:4048
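The tree above shows three things an analyst would want to pull out of any process telemetry: rundll32 loading a DLL from a user-writable Temp directory by ordinal, the System32 rundll32 re-spawning a SysWOW64 rundll32 with identical arguments (which is what happens when the target DLL is 32-bit), and WerFault instances whose -p argument names the crashed PID. The following is an added example, not part of the sandbox report: it encodes those checks as detection logic and runs them over a constructed process list that mirrors the PIDs and command lines listed on this page. Note that on this page the ,#1 ordinal is simply how the sample was launched; in real telemetry the same finding needs that context.

```python
"""Detection logic over a process tree: rundll32 loading a DLL from user Temp
by ordinal, the System32 -> SysWOW64 rundll32 relaunch, and WerFault instances
that identify the crashed PID. Sample data is constructed from the report."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int      # 0 = no parent recorded in the tree
    image: str
    cmdline: str


# Constructed sample mirroring the report's process tree (PIDs as listed on the page).
SAMPLE = [
    Proc(1164, 0, r"C:\Windows\system32\rundll32.exe",
         r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\QtWebKit4.dll,#1"),
    Proc(1564, 1164, r"C:\Windows\SysWOW64\rundll32.exe",
         r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\QtWebKit4.dll,#1"),
    Proc(1288, 1564, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 592"),
    Proc(4332, 1564, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 632"),
    Proc(3188, 0, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1564 -ip 1564"),
    Proc(4048, 0, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1564 -ip 1564"),
]

# rundll32 <path>.dll,<export> where <export> is an ordinal (#N) or a name
RUNDLL_ARG = re.compile(
    r"rundll32(?:\.exe)?\s+(?P<dll>\S+?\.dll)\s*,\s*(?P<export>#\d+|\w+)", re.I)
# "-p <pid>" as WerFault receives it; "-pss" and "-ip" deliberately do not match
WERFAULT_TARGET = re.compile(r"\s-p\s+(\d+)", re.I)
USER_TEMP = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)


def _is(image, name):
    """True when the image path ends in \\<name> (case-insensitive)."""
    return image.lower().endswith("\\" + name)


def rundll32_findings(procs):
    """(pid, reason) for each rundll32 whose argument is worth a second look."""
    out = []
    for p in procs:
        m = RUNDLL_ARG.search(p.cmdline) if _is(p.image, "rundll32.exe") else None
        if not m:
            continue
        if USER_TEMP.search(m["dll"]):
            out.append((p.pid, "DLL loaded from user Temp"))
        if m["export"].startswith("#"):
            out.append((p.pid, "export called by ordinal " + m["export"]))
    return out


def wow64_relaunches(procs):
    """(parent_pid, child_pid) where a System32 rundll32 spawned a SysWOW64 rundll32
    with identical arguments, the pattern produced by a 32-bit target DLL."""
    by_pid = {p.pid: p for p in procs}
    pairs = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        if (parent is not None
                and "\\syswow64\\" in p.image.lower() and _is(p.image, "rundll32.exe")
                and "\\system32\\" in parent.image.lower() and _is(parent.image, "rundll32.exe")
                and p.cmdline.lower() == parent.cmdline.lower()):
            pairs.append((parent.pid, p.pid))
    return pairs


def crashed_pids(procs):
    """{crashed_pid: [werfault_pids]} taken from each WerFault's -p argument."""
    out = {}
    for p in procs:
        if _is(p.image, "werfault.exe"):
            m = WERFAULT_TARGET.search(p.cmdline)
            if m:
                out.setdefault(int(m.group(1)), []).append(p.pid)
    return out


def summarize(procs):
    """One line per crashed process, joined with what that process had loaded."""
    by_pid = {p.pid: p for p in procs}
    lines = []
    for target, reporters in crashed_pids(procs).items():
        t = by_pid.get(target)
        desc = t.cmdline if t else "<not in tree>"
        lines.append(f"pid {target} crashed ({len(reporters)} WerFault instances): {desc}")
    return lines


if __name__ == "__main__":
    for finding in rundll32_findings(SAMPLE):
        print("rundll32", *finding)
    print("WOW64 relaunch:", wow64_relaunches(SAMPLE))
    print("\n".join(summarize(SAMPLE)))
```

The four WerFault instances all name 1564 as the crashed process, which is why `summarize` collapses the tree to a single crash of the SysWOW64 rundll32; the -u and -pss instances are two stages of the same report, so counting them separately would overstate the number of crashes.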

Network

MITRE ATT&CK Enterprise v15


Downloads

  • memory/1564-0-0x0000000073C23000-0x00000000743C5000-memory.dmp
    Filesize: 7.6MB
  • memory/1564-1-0x0000000000C60000-0x0000000000C61000-memory.dmp
    Filesize: 4KB
  • memory/1564-2-0x0000000073060000-0x0000000075167000-memory.dmp
    Filesize: 33.0MB