Analysis

  • max time kernel
    14s
  • max time network
    110s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    18-01-2021 18:25

General

  • Target

    QOUTATION-PDF- SCAN COPY.com.exe

  • Size

    1.5MB

  • MD5

    9a9bbfd840fc81a65bbbd542c5b218c9

  • SHA1

    41a8ce06eff712b8aa1e6c9a86776b9fa1763950

  • SHA256

    a29a5b9eafdb7e2dbec28f1cb59d5ffcec859333d8f1a4cc00a37c3eded32ae3

  • SHA512

    6f06eedda66f0e55b24f82d9c6bbabc08972c271749ceacd7826f5062034d135a4d0e89d65c1c693cd85947ac9763d1cac3521f75fc72c4abf38f733dfafa4e5

Score
7/10

Malware Config

Signatures

  • Drops startup file (1 IoCs)
  • Suspicious use of FindShellTrayWindow (3 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\QOUTATION-PDF- SCAN COPY.com.exe
    "C:\Users\Admin\AppData\Local\Temp\QOUTATION-PDF- SCAN COPY.com.exe"
    • Drops startup file
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1032

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1032-3-0x0000000000C20000-0x0000000000C23000-memory.dmp
    Filesize

    12KB

  • memory/1032-2-0x0000000001E00000-0x0000000001E21000-memory.dmp
    Filesize

    132KB