Overview

overview

10

Static

static

3

QuarkPC.exe

windows11-21h2-x64

10

$APPDATA/P...gs.vbs

windows11-21h2-x64

3

$APPDATA/P...ns.ps1

windows11-21h2-x64

3

$APPDATA/P...te.dll

windows11-21h2-x64

3

$LOCALAPPD..._R.exe

windows11-21h2-x64

5

$LOCALAPPD...32.exe

windows11-21h2-x64

3

$PLUGINSDI...ns.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

$WINDIR/Text.ps1

windows11-21h2-x64

3

QuarkPC.exe

windows11-21h2-x64

4

Resubmissions

31/03/2025, 15:25

250331-st3p2svps7 10

Analysis

  • max time kernel
    11s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    31/03/2025, 15:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QuarkPC.exe

  • Size

    216.1MB

  • MD5

    7816b1d8cbff825310f5e4f712f3696d

  • SHA1

    131bf00914f03cd76a7bb01f55bb6d7e5f463ee0

  • SHA256

    bd0b5d3f7310d3f23caa43e3a18886fa805f06b4865de1cf620a233c21956cf6

  • SHA512

    c7da78b0590ca40471da9e280cbf708922c99190664bf92bbffc5c939241161f9697b41c353fbf45e4fe20a7e12c9b8447fdb835fffbac650a9d94a936062d72

  • SSDEEP

    6291456:wgaGIOvFH/nF6jxaUsDg9SxsaXnLLgBfNShzbFNsmOLXYfyq:3ahSp/FIamQx93PglkzBNsmOT+

Score
4/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\QuarkPC.exe
    "C:\Users\Admin\AppData\Local\Temp\QuarkPC.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3836
    • C:\Users\Admin\AppData\Local\Temp\is-KAB3L.tmp\QuarkPC.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-KAB3L.tmp\QuarkPC.tmp" /SL5="$6026E,225271564,1206784,C:\Users\Admin\AppData\Local\Temp\QuarkPC.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-KAB3L.tmp\QuarkPC.tmp
    Filesize

    3.4MB

    MD5

    e3408368be5530c42a981891341e75f4

    SHA1

    944595b76d0f3efbc26e7e400d21c4b38dadae54

    SHA256

    af40cdb4275741413fb89205b593300e3f981647284f9c680f74573414255079

    SHA512

    b5da593a76e5dcd0593a953e7b078dfb735bf1644b37e55f73f6b090e8e45e6b3402bc39111c01047e1a7345b6a2f4d2447dc729f787c09e9c6efe4cb4e44537

    Download Submit

  • memory/3448-6-0x0000000000400000-0x0000000000766000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/3448-8-0x0000000000400000-0x0000000000766000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/3836-1-0x0000000000400000-0x0000000000534000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3836-2-0x0000000000401000-0x00000000004B7000-memory.dmp

    Filesize

    728KB

    Download

  • memory/3836-7-0x0000000000400000-0x0000000000534000-memory.dmp

    Filesize

    1.2MB

    Download