Analysis
max time kernel: 12s
max time network: 107s
platform: windows10_x64
resource: win10v20201028
submitted: 18-01-2021 07:51
Static task: static1

Behavioral task: behavioral1
Sample: Quotation Request-PDF_PDF.exe
Resource: win7v20201028 (windows7_x64)
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: Quotation Request-PDF_PDF.exe
Resource: win10v20201028 (windows10_x64)
0 signatures
0 seconds
General
Target: Quotation Request-PDF_PDF.exe
Size: 1.6MB
MD5: 25a3b2a25320e45a9a58eb84789719ee
SHA1: 7b1ffe6a3be0d676b89f2986ca1ae6fee11fe271
SHA256: 858819973735c0c8715675602e067da2f7ef3ac0fa34bc2c96c39831addb8992
SHA512: e526426fdee134ebffd28a9c9625fc0907b1fcdc6d6047df54d353b0841464dbe09db87b1e44ac2f549b926032e5e3780a1469a4aa9fa2c69b556dd3efcfdb43
Score: 7/10
Malware Config
Signatures

Drops startup file (1 IoCs)
Processes: Quotation Request-PDF_PDF.exe
description | ioc | process
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.url | Quotation Request-PDF_PDF.exe

Suspicious use of FindShellTrayWindow (3 IoCs)
Processes: Quotation Request-PDF_PDF.exe
pid | process
1196 | Quotation Request-PDF_PDF.exe
1196 | Quotation Request-PDF_PDF.exe
1196 | Quotation Request-PDF_PDF.exe

Suspicious use of SendNotifyMessage (3 IoCs)
Processes: Quotation Request-PDF_PDF.exe
pid | process
1196 | Quotation Request-PDF_PDF.exe
1196 | Quotation Request-PDF_PDF.exe
1196 | Quotation Request-PDF_PDF.exe