Analysis
max time kernel: 14s
max time network: 110s
platform: windows10_x64
resource: win10v20201028
submitted: 18-01-2021 18:25
Static task: static1

Behavioral task: behavioral1
Sample: QOUTATION-PDF- SCAN COPY.com.exe
Resource: win7v20201028, windows7_x64
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: QOUTATION-PDF- SCAN COPY.com.exe
Resource: win10v20201028, windows10_x64
0 signatures
0 seconds
General
Target: QOUTATION-PDF- SCAN COPY.com.exe
Size: 1.5MB
MD5: 9a9bbfd840fc81a65bbbd542c5b218c9
SHA1: 41a8ce06eff712b8aa1e6c9a86776b9fa1763950
SHA256: a29a5b9eafdb7e2dbec28f1cb59d5ffcec859333d8f1a4cc00a37c3eded32ae3
SHA512: 6f06eedda66f0e55b24f82d9c6bbabc08972c271749ceacd7826f5062034d135a4d0e89d65c1c693cd85947ac9763d1cac3521f75fc72c4abf38f733dfafa4e5
Score: 7/10
Malware Config
Signatures

Drops startup file (1 IoCs)
Processes: QOUTATION-PDF- SCAN COPY.com.exe
  description: File opened for modification
  ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.url
  process: QOUTATION-PDF- SCAN COPY.com.exe

Suspicious use of FindShellTrayWindow (3 IoCs)
Processes: QOUTATION-PDF- SCAN COPY.com.exe
  pid: 1032, process: QOUTATION-PDF- SCAN COPY.com.exe
  pid: 1032, process: QOUTATION-PDF- SCAN COPY.com.exe
  pid: 1032, process: QOUTATION-PDF- SCAN COPY.com.exe

Suspicious use of SendNotifyMessage (3 IoCs)
Processes: QOUTATION-PDF- SCAN COPY.com.exe
  pid: 1032, process: QOUTATION-PDF- SCAN COPY.com.exe
  pid: 1032, process: QOUTATION-PDF- SCAN COPY.com.exe
  pid: 1032, process: QOUTATION-PDF- SCAN COPY.com.exe