769a104eb70d58e33f4d6ba232e5c179db1618604e62b31ceebdaf1dcae47b40

Analysis

Target

QUOTATION '.exe
Size

885KB
MD5

2fdc9cdf35cbdd01b4f61eaa4d8d38a6
SHA1

a59e65c3ecc0c3f586bece4db3a085734c3e4da5
SHA256

c7e4871bd8e22a0dfd8116206cff6631ca4a91857df75017b890768da0730041
SHA512

122adec9d2185d0327f4d07b466e71a55f2689216009325aa5ffd62eb8247654a8dd659031cf07197151f1c17e654a8e4f3e343a04ad61efd5def1340bf97201

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

QUOTATION '.exe

pid process

1324 QUOTATION '.exe
1324 QUOTATION '.exe
1324 QUOTATION '.exe
1324 QUOTATION '.exe
1324 QUOTATION '.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

QUOTATION '.exe

description pid process

Token: SeDebugPrivilege 1324 QUOTATION '.exe

description	pid	process
Token: SeDebugPrivilege	1324	QUOTATION '.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

QUOTATION '.exe

description	pid	process	target process
PID 1324 wrote to memory of 948	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 948	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 948	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 948	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1612	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1612	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1612	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1612	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1544	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1544	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1544	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1544	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1552	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1552	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1552	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1552	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1936	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1936	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1936	1324	QUOTATION '.exe	QUOTATION '.exe
PID 1324 wrote to memory of 1936	1324	QUOTATION '.exe	QUOTATION '.exe

memory/1324-54-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1324-56-0x0000000004D80000-0x0000000004D81000-memory.dmp

Filesize
4KB

Download
memory/1324-57-0x00000000001C0000-0x00000000001CE000-memory.dmp

Filesize
56KB

Download
memory/1324-58-0x0000000005AB0000-0x0000000005B2D000-memory.dmp

Filesize
500KB

Download
memory/1324-59-0x0000000000A70000-0x0000000000A9B000-memory.dmp

Filesize
172KB

Download