Overview

overview

10

Static

static

RequestORDERQuote.exe

windows7_x64

1

RequestORDERQuote.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    79s
  • max time network
    23s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    06-02-2022 15:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RequestORDERQuote.exe

  • Size

    2.3MB

  • MD5

    3f02190df38e5dadd7e1b694f547c539

  • SHA1

    32769a00df7264940c155f9a2222812e0fbf86be

  • SHA256

    91b24eab863880a23663f812e043b6b83dab1e658b234b1b98521e28071527b9

  • SHA512

    5068205c43a7fc49fb1b0e1b48526181355e0af091b2086ab35e37a60dbb8d3136f5325b7b614402a9f52515a08e67d5255b195b71a5c5e5332a24098a9b24da

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
    "C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
      C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
      2⤵
        PID:964
      • C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
        C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
        2⤵
          PID:1592
        • C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
          C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
          2⤵
            PID:1516
          • C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
            C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
            2⤵
              PID:1604
            • C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
              C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
              2⤵
                PID:876
              • C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
                C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
                2⤵
                  PID:1792
                • C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
                  C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
                  2⤵
                    PID:1744
                  • C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
                    C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
                    2⤵
                      PID:1384
                    • C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
                      C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
                      2⤵
                        PID:660
                      • C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
                        C:\Users\Admin\AppData\Local\Temp\RequestORDERQuote.exe
                        2⤵
                          PID:556

                      Network

                      MITRE ATT&CK Matrix

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • memory/1316-54-0x0000000000380000-0x00000000005D2000-memory.dmp
                        Filesize

                        2.3MB

                        Download
                      • memory/1316-55-0x0000000075471000-0x0000000075473000-memory.dmp
                        Filesize

                        8KB

                        Download
                      • memory/1316-56-0x0000000002700000-0x0000000004810000-memory.dmp
                        Filesize

                        33.1MB

                        Download
                      • memory/1316-57-0x0000000000280000-0x000000000028A000-memory.dmp
                        Filesize

                        40KB

                        Download
                      • memory/1316-58-0x0000000000980000-0x00000000009FC000-memory.dmp
                        Filesize

                        496KB

                        Download
                      • memory/1316-59-0x0000000000340000-0x0000000000384000-memory.dmp
                        Filesize

                        272KB

                        Download