c33bbc9a04b5d8e0dd321f4c3f4b254bf4b78dbf126767716b9696e6a2fceabe | Triage

Analysis

max time kernel
11s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 12:06

Sharing

Report Analysis Logs

General

Target

bbi/Qt5Network.dll
Size

1.3MB
MD5

ede0cf8a13a02754b1549d85d03a82c5
SHA1

ea70334a1c6bcb3fcc67c2da474932adfee3d44d
SHA256

c4ab7e26a33504d8268b13d8d895b0b0225560a6ff12486cddef9980671c34df
SHA512

498aa337358cab3539308a06c895377d73a9ea9eb0667166d349f458586ebfe3617d7b17bce1fed5c4187bfb0be9300a0d7b0fd2a174653d063211b83a34ba30
SSDEEP

24576:DXPn73RXox1U9M0m+1ffSDY565RzHUY1iaRy95hdGehEq:L7hXU1U95m4ff9A5RviaRy9NGO

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 928	2264	rundll32.exe	29
PID 2264 wrote to memory of 928	2264	rundll32.exe	29
PID 2264 wrote to memory of 928	2264	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbi\Qt5Network.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2264 -s 228
  2⤵
  PID:928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads