Overview

overview

10

Static

static

RFQ-YEKHA-20-0151.exe

windows7_x64

1

RFQ-YEKHA-20-0151.exe

windows10_x64

10

Analysis

  • max time kernel
    104s
  • max time network
    56s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    21-06-2021 14:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RFQ-YEKHA-20-0151.exe

  • Size

    702KB

  • MD5

    20ceb0cdf1f078b28671054c2863052c

  • SHA1

    fc335d40a3fe8aceb4fbfd89c279b9b56a142556

  • SHA256

    4223fc55e6b0fc32d0f55607395055db9023a5d6980dccad59f11aadf0179b86

  • SHA512

    1639777ffadd90248a0735429fb3068a0dc5ad106520416104afaebfb2744950c96ee8918267041c6055a882b022ea15472f545e7333329124d2699e5847ec1a

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ-YEKHA-20-0151.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ-YEKHA-20-0151.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\RFQ-YEKHA-20-0151.exe
      "C:\Users\Admin\AppData\Local\Temp\RFQ-YEKHA-20-0151.exe"
      2⤵
        PID:1468
      • C:\Users\Admin\AppData\Local\Temp\RFQ-YEKHA-20-0151.exe
        "C:\Users\Admin\AppData\Local\Temp\RFQ-YEKHA-20-0151.exe"
        2⤵
          PID:652
        • C:\Users\Admin\AppData\Local\Temp\RFQ-YEKHA-20-0151.exe
          "C:\Users\Admin\AppData\Local\Temp\RFQ-YEKHA-20-0151.exe"
          2⤵
            PID:748
          • C:\Users\Admin\AppData\Local\Temp\RFQ-YEKHA-20-0151.exe
            "C:\Users\Admin\AppData\Local\Temp\RFQ-YEKHA-20-0151.exe"
            2⤵
              PID:764
            • C:\Users\Admin\AppData\Local\Temp\RFQ-YEKHA-20-0151.exe
              "C:\Users\Admin\AppData\Local\Temp\RFQ-YEKHA-20-0151.exe"
              2⤵
                PID:112

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2044-59-0x0000000075B31000-0x0000000075B33000-memory.dmp
              Filesize

              8KB

              Download
            • memory/2044-60-0x00000000007A0000-0x00000000007A1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/2044-61-0x00000000007A1000-0x00000000007A2000-memory.dmp
              Filesize

              4KB

              Download