Overview

overview

5

Static

static

Kiki

windows7_x64

5

Resubmissions

02-04-2021 10:13

210402-qmk84q731a 5

01-04-2021 07:23

210401-qmxmygyems 10

Analysis

  • max time kernel
    119s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    02-04-2021 10:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    QFSN0331PDF.exe

  • Size

    519KB

  • MD5

    18377afa571a27e3d67024934eb425fc

  • SHA1

    72e4b926dcf352558304f42fac331b2dda61049e

  • SHA256

    edbc5c4578e139f3194afcb1ccd8627f8f966bfda05e4574d0e8dcc65b8a4dcb

  • SHA512

    7ea97d9f6bfe31288d8487386ec5d92ea9d9d7832813d40f20c49cc345c03b4caec4c2558258c7f5d895663a38aff1afe8edd70bf49ebed4dfbcb5b8a0542475

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\QFSN0331PDF.exe
    "C:\Users\Admin\AppData\Local\Temp\QFSN0331PDF.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Users\Admin\AppData\Local\Temp\QFSN0331PDF.exe
      "C:\Users\Admin\AppData\Local\Temp\QFSN0331PDF.exe"
      2⤵
        PID:740
      • C:\Users\Admin\AppData\Local\Temp\QFSN0331PDF.exe
        "C:\Users\Admin\AppData\Local\Temp\QFSN0331PDF.exe"
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:240

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/240-8-0x0000000000400000-0x0000000000430000-memory.dmp
      Filesize

      192KB

      Download
    • memory/240-9-0x00000000004296EE-mapping.dmp
      Download
    • memory/240-10-0x0000000073E00000-0x00000000744EE000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/240-11-0x0000000000400000-0x0000000000430000-memory.dmp
      Filesize

      192KB

      Download
    • memory/240-13-0x0000000000730000-0x0000000000731000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1812-2-0x0000000073E00000-0x00000000744EE000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/1812-3-0x0000000000330000-0x0000000000331000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1812-5-0x0000000000270000-0x0000000000279000-memory.dmp
      Filesize

      36KB

      Download
    • memory/1812-6-0x0000000004910000-0x0000000004911000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1812-7-0x0000000004F20000-0x0000000004F78000-memory.dmp
      Filesize

      352KB

      Download