Analysis
max time kernel: 121s
max time network: 124s
platform: windows10_x64
resource: win10
submitted: 08-07-2020 06:46
Static task: static1

Behavioral task: behavioral1
Sample: Request Quotation.exe
Resource: win7v200430, windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: Request Quotation.exe
Resource: win10, windows10_x64
0 signatures
0 seconds
General
Target: Request Quotation.exe
Size: 811KB
MD5: 14173aade597e05e15b23a697bd9e798
SHA1: 15ecda2062500ff87ab716754e36b9f1daf6cb23
SHA256: 878790fa825f77b1032e1ab3c7649b9e86c0ac2b848d07ed60f69f215ad5b5bb
SHA512: 498f789b8b3d77783d08b037ac262a5caea76de8938e1c9c13cde68b7ae9d80fff742c67ac704a4a706de6b4de58ea6708ff6106d371e4479b5e4c6cabe14942
Score: 1/10
Malware Config
Signatures

Suspicious use of WriteProcessMemory 12 IoCs
Processes: Request Quotation.exe
description | pid | process | target process
PID 976 wrote to memory of 2296 | 976 | Request Quotation.exe | schtasks.exe
PID 976 wrote to memory of 2296 | 976 | Request Quotation.exe | schtasks.exe
PID 976 wrote to memory of 3728 | 976 | Request Quotation.exe | Request Quotation.exe
PID 976 wrote to memory of 3728 | 976 | Request Quotation.exe | Request Quotation.exe
PID 976 wrote to memory of 3068 | 976 | Request Quotation.exe | Request Quotation.exe
PID 976 wrote to memory of 3068 | 976 | Request Quotation.exe | Request Quotation.exe
PID 976 wrote to memory of 3668 | 976 | Request Quotation.exe | Request Quotation.exe
PID 976 wrote to memory of 3668 | 976 | Request Quotation.exe | Request Quotation.exe
PID 976 wrote to memory of 3776 | 976 | Request Quotation.exe | Request Quotation.exe
PID 976 wrote to memory of 3776 | 976 | Request Quotation.exe | Request Quotation.exe
PID 976 wrote to memory of 3784 | 976 | Request Quotation.exe | Request Quotation.exe
PID 976 wrote to memory of 3784 | 976 | Request Quotation.exe | Request Quotation.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes: Request Quotation.exe
description | pid | process
Token: SeDebugPrivilege | 976 | Request Quotation.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: Request Quotation.exe
pid | process
976 | Request Quotation.exe
976 | Request Quotation.exe
976 | Request Quotation.exe
976 | Request Quotation.exe
976 | Request Quotation.exe
976 | Request Quotation.exe
976 | Request Quotation.exe
976 | Request Quotation.exe
976 | Request Quotation.exe
976 | Request Quotation.exe

Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
Processes

C:\Users\Admin\AppData\Local\Temp\Request Quotation.exe
"C:\Users\Admin\AppData\Local\Temp\Request Quotation.exe"
PID:976
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses

    C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bYbudlV" /XML "C:\Users\Admin\AppData\Local\Temp\tmpE99F.tmp"
    PID:2296
    - Creates scheduled task(s)

    C:\Users\Admin\AppData\Local\Temp\Request Quotation.exe
    "{path}"
    PID:3728

    C:\Users\Admin\AppData\Local\Temp\Request Quotation.exe
    "{path}"
    PID:3068

    C:\Users\Admin\AppData\Local\Temp\Request Quotation.exe
    "{path}"
    PID:3668

    C:\Users\Admin\AppData\Local\Temp\Request Quotation.exe
    "{path}"
    PID:3776

    C:\Users\Admin\AppData\Local\Temp\Request Quotation.exe
    "{path}"
    PID:3784