Overview

overview

10

Static

static

January RFQ..exe

windows7_x64

1

January RFQ..exe

windows10_x64

10

Analysis

  • max time kernel
    49s
  • max time network
    14s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    19-01-2021 12:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    January RFQ..exe

  • Size

    1.5MB

  • MD5

    cc13b6f169803d95f021b0ae44ffe5cb

  • SHA1

    fbe82085f8df30bd7968c54afcd583bcb9bdc8dc

  • SHA256

    99a42bd8c8cfb6b3b69162c2f3f657b3b3972dd353338ff17accb1c9afcd5892

  • SHA512

    df35b54a1833d848ba052fe6c389ad3e08ad3962f7d98f17858cf20afe92d499058f54efb7a7138f99b1abc9df9aecaa10bcbd18bb4112ad60eb093ad4caf1b0

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\January RFQ..exe
    "C:\Users\Admin\AppData\Local\Temp\January RFQ..exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Users\Admin\AppData\Local\Temp\January RFQ..exe
      "{path}"
      2⤵
        PID:1340
      • C:\Users\Admin\AppData\Local\Temp\January RFQ..exe
        "{path}"
        2⤵
          PID:380
        • C:\Users\Admin\AppData\Local\Temp\January RFQ..exe
          "{path}"
          2⤵
            PID:1808
          • C:\Users\Admin\AppData\Local\Temp\January RFQ..exe
            "{path}"
            2⤵
              PID:520
            • C:\Users\Admin\AppData\Local\Temp\January RFQ..exe
              "{path}"
              2⤵
                PID:392

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1056-2-0x0000000073C60000-0x000000007434E000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/1056-3-0x00000000003A0000-0x00000000003A1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1056-5-0x0000000004200000-0x000000000427C000-memory.dmp
              Filesize

              496KB

              Download
            • memory/1056-6-0x0000000005F20000-0x0000000005F21000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1056-7-0x00000000006C0000-0x00000000006CE000-memory.dmp
              Filesize

              56KB

              Download
            • memory/1056-8-0x000000000BB60000-0x000000000BBBA000-memory.dmp
              Filesize

              360KB

              Download