b0ae66cd2296539cdeb9f833ff7ebc3616cda6d8068d1883e27a04c9240d0d3f

Analysis

max time kernel
112s
max time network
120s
platform
windows7_x64
resource
win7
submitted
15/07/2020, 13:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Quotation for RC outdoor project.exe
Size

1008KB
MD5

c2e99d68e75306bde7e7494444fa882c
SHA1

8f56a68126f81afc92a71b5eaaeb53a0beb696e8
SHA256

b0ae66cd2296539cdeb9f833ff7ebc3616cda6d8068d1883e27a04c9240d0d3f
SHA512

62b012235d0a3e2ebbaa3406a07ad49c2d10c87d81aab6c7aad74856af2b78fb04404ea2e82f26d66fde14c84fda8a8abfb25201d11c20878a7fd3ed9c16e1c4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 1440	1124	Quotation for RC outdoor project.exe	24
PID 1124 wrote to memory of 1440	1124	Quotation for RC outdoor project.exe	24
PID 1124 wrote to memory of 1440	1124	Quotation for RC outdoor project.exe	24
PID 1124 wrote to memory of 1440	1124	Quotation for RC outdoor project.exe	24
PID 1124 wrote to memory of 1452	1124	Quotation for RC outdoor project.exe	25
PID 1124 wrote to memory of 1452	1124	Quotation for RC outdoor project.exe	25
PID 1124 wrote to memory of 1452	1124	Quotation for RC outdoor project.exe	25
PID 1124 wrote to memory of 1452	1124	Quotation for RC outdoor project.exe	25
PID 1124 wrote to memory of 1520	1124	Quotation for RC outdoor project.exe	26
PID 1124 wrote to memory of 1520	1124	Quotation for RC outdoor project.exe	26
PID 1124 wrote to memory of 1520	1124	Quotation for RC outdoor project.exe	26
PID 1124 wrote to memory of 1520	1124	Quotation for RC outdoor project.exe	26
PID 1124 wrote to memory of 1580	1124	Quotation for RC outdoor project.exe	27
PID 1124 wrote to memory of 1580	1124	Quotation for RC outdoor project.exe	27
PID 1124 wrote to memory of 1580	1124	Quotation for RC outdoor project.exe	27
PID 1124 wrote to memory of 1580	1124	Quotation for RC outdoor project.exe	27
PID 1124 wrote to memory of 292	1124	Quotation for RC outdoor project.exe	28
PID 1124 wrote to memory of 292	1124	Quotation for RC outdoor project.exe	28
PID 1124 wrote to memory of 292	1124	Quotation for RC outdoor project.exe	28
PID 1124 wrote to memory of 292	1124	Quotation for RC outdoor project.exe	28

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1124	Quotation for RC outdoor project.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1124	Quotation for RC outdoor project.exe
1124	Quotation for RC outdoor project.exe
1124	Quotation for RC outdoor project.exe
1124	Quotation for RC outdoor project.exe
1124	Quotation for RC outdoor project.exe

C:\Users\Admin\AppData\Local\Temp\Quotation for RC outdoor project.exe
"C:\Users\Admin\AppData\Local\Temp\Quotation for RC outdoor project.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:1124
- C:\Users\Admin\AppData\Local\Temp\Quotation for RC outdoor project.exe
  "{path}"
  2⤵
  PID:1440
- C:\Users\Admin\AppData\Local\Temp\Quotation for RC outdoor project.exe
  "{path}"
  2⤵
  PID:1452
- C:\Users\Admin\AppData\Local\Temp\Quotation for RC outdoor project.exe
  "{path}"
  2⤵
  PID:1520
- C:\Users\Admin\AppData\Local\Temp\Quotation for RC outdoor project.exe
  "{path}"
  2⤵
  PID:1580
- C:\Users\Admin\AppData\Local\Temp\Quotation for RC outdoor project.exe
  "{path}"
  2⤵
  PID:292

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads