687a1d2494d31819195e196dbedb77debab11b228bf8ce58dddff6857c7a22e2

General

Target

RFQ W-1802-1889.exe
Size

1.3MB
MD5

5cceefb23aa8805a7d5320fac133b4b8
SHA1

e02218a4886cf5f954d6c6fa5704c2d72fad7fd1
SHA256

687a1d2494d31819195e196dbedb77debab11b228bf8ce58dddff6857c7a22e2
SHA512

329610962a3195f12213067ace300d98cef072a402dd8e3e6edb35b464aba2efd330a6d07b9e4ca41e977d0a0c6b7dd2f8deb8af8bdb29ce3549cbc631c7e5dd

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

RFQ W-1802-1889.exe

pid process

1700 RFQ W-1802-1889.exe
1700 RFQ W-1802-1889.exe
1700 RFQ W-1802-1889.exe
1700 RFQ W-1802-1889.exe
1700 RFQ W-1802-1889.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

RFQ W-1802-1889.exe

description pid process

Token: SeDebugPrivilege 1700 RFQ W-1802-1889.exe

pid	process
1700	RFQ W-1802-1889.exe
1700	RFQ W-1802-1889.exe
1700	RFQ W-1802-1889.exe
1700	RFQ W-1802-1889.exe
1700	RFQ W-1802-1889.exe

description	pid	process
Token: SeDebugPrivilege	1700	RFQ W-1802-1889.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

RFQ W-1802-1889.exe

description	pid	process	target process
PID 1700 wrote to memory of 1016	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1016	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1016	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1016	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1208	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1208	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1208	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1208	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 292	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 292	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 292	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 292	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1632	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1632	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1632	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1632	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1652	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1652	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1652	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe
PID 1700 wrote to memory of 1652	1700	RFQ W-1802-1889.exe	RFQ W-1802-1889.exe

C:\Users\Admin\AppData\Local\Temp\RFQ W-1802-1889.exe
"C:\Users\Admin\AppData\Local\Temp\RFQ W-1802-1889.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1700

C:\Users\Admin\AppData\Local\Temp\RFQ W-1802-1889.exe
"{path}"
2⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\RFQ W-1802-1889.exe
"{path}"
2⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\RFQ W-1802-1889.exe
"{path}"
2⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\RFQ W-1802-1889.exe
"{path}"
2⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\RFQ W-1802-1889.exe
"{path}"
2⤵
PID:1652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1700-55-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1700-57-0x00000000762D1000-0x00000000762D3000-memory.dmp

Filesize
8KB

Download
memory/1700-58-0x00000000043E0000-0x00000000043E1000-memory.dmp

Filesize
4KB

Download
memory/1700-59-0x00000000002E0000-0x00000000002EE000-memory.dmp

Filesize
56KB

Download
memory/1700-60-0x0000000005FF0000-0x0000000006069000-memory.dmp

Filesize
484KB

Download
memory/1700-61-0x00000000005E0000-0x0000000000618000-memory.dmp

Filesize
224KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads