Overview

overview

10

Static

static

QUO29393.exe

windows7_x64

10

QUO29393.exe

windows10_x64

3

Analysis

  • max time kernel
    144s
  • max time network
    107s
  • platform
    windows10_x64
  • resource
    win10v200722
  • submitted
    31-07-2020 10:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QUO29393.exe

  • Size

    1.1MB

  • MD5

    60a03e78b2781f94f1033859b6b9f2fd

  • SHA1

    033643dab0f443d8b50b4218d8bbe956e03af6ff

  • SHA256

    24a6ec83c1a75f4bfefa0e5df247fbc354cea37c917da05a38e2687b7b26c464

  • SHA512

    17c0ab71f9a260e76564d17d8a88ac0ade820c9cdabac9f8fe4f1e24332ab7b407a107ca8e2c563e667d99a51d488c8cb830b197c76c29d52ab25d426411aef4

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\QUO29393.exe
    "C:\Users\Admin\AppData\Local\Temp\QUO29393.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    PID:3876
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 968
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious behavior: EnumeratesProcesses
      PID:3496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3496-0-0x0000000004710000-0x0000000004711000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3496-1-0x0000000004710000-0x0000000004711000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3496-3-0x0000000004910000-0x0000000004911000-memory.dmp
    Filesize

    4KB

    Download