Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    25-10-2021 06:16

General

  • Target

    RFQ-WO10 #384573-pdf.exe

  • Size

    27KB

  • MD5

    e767b4d87898a75cc0d0e031e29b7284

  • SHA1

    25904e769d89aa44780a4b10153744d2fa533ec6

  • SHA256

    119d1a20d3e248a55981b6798bfd80191217e143feaa1e2774e4cb813bfbe6bf

  • SHA512

    fdbf41860bf490ce060575914c174f1aa19d4e0d97bb0415250d5046c77e632babcdd8a2634c81650db68c8053647bdf09b68e181516c5df99dd7ebaa81fdc1b

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ-WO10 #384573-pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ-WO10 #384573-pdf.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:1884

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1884-54-0x0000000000A30000-0x0000000000A31000-memory.dmp
    Filesize

    4KB

  • memory/1884-56-0x0000000075A71000-0x0000000075A73000-memory.dmp
    Filesize

    8KB

  • memory/1884-57-0x0000000004DB0000-0x0000000004DB1000-memory.dmp
    Filesize

    4KB