Overview

overview

10

Static

static

Quotation ...DF.exe

windows7_x64

10

Quotation ...DF.exe

windows10_x64

7

Analysis

  • max time kernel
    12s
  • max time network
    107s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    18-01-2021 07:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Quotation Request-PDF_PDF.exe

  • Size

    1.6MB

  • MD5

    25a3b2a25320e45a9a58eb84789719ee

  • SHA1

    7b1ffe6a3be0d676b89f2986ca1ae6fee11fe271

  • SHA256

    858819973735c0c8715675602e067da2f7ef3ac0fa34bc2c96c39831addb8992

  • SHA512

    e526426fdee134ebffd28a9c9625fc0907b1fcdc6d6047df54d353b0841464dbe09db87b1e44ac2f549b926032e5e3780a1469a4aa9fa2c69b556dd3efcfdb43

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Quotation Request-PDF_PDF.exe
    "C:\Users\Admin\AppData\Local\Temp\Quotation Request-PDF_PDF.exe"
    1⤵
    • Drops startup file
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1196-3-0x00000000018E0000-0x00000000018E3000-memory.dmp
    Filesize

    12KB

    Download
  • memory/1196-2-0x00000000018B0000-0x00000000018D1000-memory.dmp
    Filesize

    132KB

    Download