Overview

overview

10

Static

static

RFQ-072021...50.exe

windows7_x64

1

RFQ-072021...50.exe

windows10_x64

10

Analysis

  • max time kernel
    91s
  • max time network
    93s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    22-07-2021 08:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe

  • Size

    703KB

  • MD5

    78ef2d5c9e5d81948b1f1ab4ffb57f7b

  • SHA1

    dc83666aa62b366696bb18b4ead5aedfa5b0ded8

  • SHA256

    7eb0aa2bb9b4cd1c856ed48f3719bc000ad03d0a478cc9487536702585bdaebf

  • SHA512

    65c42a51c8adcb57d7ddd42db131c879a82ca2f4a75b9bb19f933117b96591132de0e74f89a3be83919c63aaac5c7af5325f0dea7acb7b7f45896adc01374d4b

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Users\Admin\AppData\Local\Temp\RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe
      "{path}"
      2⤵
        PID:1400
      • C:\Users\Admin\AppData\Local\Temp\RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe
        "{path}"
        2⤵
          PID:1696
        • C:\Users\Admin\AppData\Local\Temp\RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe
          "{path}"
          2⤵
            PID:744
          • C:\Users\Admin\AppData\Local\Temp\RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe
            "{path}"
            2⤵
              PID:288
            • C:\Users\Admin\AppData\Local\Temp\RFQ-07202111035__CRFQ-07-2021-08220__5500342450.exe
              "{path}"
              2⤵
                PID:788

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1088-59-0x00000000003F0000-0x00000000003F1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1088-61-0x0000000000390000-0x00000000003ED000-memory.dmp
              Filesize

              372KB

              Download
            • memory/1088-62-0x0000000004B40000-0x0000000004B41000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1088-63-0x0000000001DF0000-0x0000000001DF2000-memory.dmp
              Filesize

              8KB

              Download
            • memory/1088-64-0x0000000005000000-0x000000000507E000-memory.dmp
              Filesize

              504KB

              Download
            • memory/1088-65-0x0000000004140000-0x0000000004178000-memory.dmp
              Filesize

              224KB

              Download