45f5e2a682896ac3380522e26a0398b8112bafc42948666c9fecafa3dcab69e3

Analysis

Target

QUOTE PRICE.exe
Size

558KB
MD5

3a35017603b428f692151484ad54ded0
SHA1

ac071c363f33e2a28aaffc77e5a34642d8246fe0
SHA256

45f5e2a682896ac3380522e26a0398b8112bafc42948666c9fecafa3dcab69e3
SHA512

6a2c113565aca37d63de00cdd59354400e901bb731d35e53a42951463662374dec5dfb83d109f059b59733abaf3c0f2057a87c22f69b2d738af37b6f19409d8d

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

QUOTE PRICE.exe

pid process

1116 QUOTE PRICE.exe
1116 QUOTE PRICE.exe
1116 QUOTE PRICE.exe
1116 QUOTE PRICE.exe
1116 QUOTE PRICE.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

QUOTE PRICE.exe

description pid process

Token: SeDebugPrivilege 1116 QUOTE PRICE.exe

description	pid	process
Token: SeDebugPrivilege	1116	QUOTE PRICE.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

QUOTE PRICE.exe

description	pid	process	target process
PID 1116 wrote to memory of 972	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 972	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 972	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 972	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 896	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 896	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 896	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 896	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 952	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 952	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 952	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 952	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 1660	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 1660	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 1660	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 1660	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 1600	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 1600	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 1600	1116	QUOTE PRICE.exe	QUOTE PRICE.exe
PID 1116 wrote to memory of 1600	1116	QUOTE PRICE.exe	QUOTE PRICE.exe

C:\Users\Admin\AppData\Local\Temp\QUOTE PRICE.exe
"C:\Users\Admin\AppData\Local\Temp\QUOTE PRICE.exe"
2⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\QUOTE PRICE.exe
"C:\Users\Admin\AppData\Local\Temp\QUOTE PRICE.exe"
2⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\QUOTE PRICE.exe
"C:\Users\Admin\AppData\Local\Temp\QUOTE PRICE.exe"
2⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\QUOTE PRICE.exe
"C:\Users\Admin\AppData\Local\Temp\QUOTE PRICE.exe"
2⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\QUOTE PRICE.exe
"C:\Users\Admin\AppData\Local\Temp\QUOTE PRICE.exe"
2⤵
PID:1600

memory/1116-53-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1116-55-0x0000000004C30000-0x0000000004C31000-memory.dmp

Filesize
4KB

Download
memory/1116-56-0x0000000001E00000-0x0000000001E1D000-memory.dmp

Filesize
116KB

Download
memory/1116-57-0x0000000005240000-0x00000000052A9000-memory.dmp

Filesize
420KB

Download
memory/1116-58-0x0000000004160000-0x000000000419A000-memory.dmp

Filesize
232KB

Download