Overview

overview

10

Static

static

Quote USD$...ms.exe

windows7_x64

1

Quote USD$...ms.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    55s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20/04/2022, 04:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Quote USD$ Prices For Items.exe

  • Size

    926KB

  • MD5

    50831e895c50a7c21c1be66fc6fd2d28

  • SHA1

    39cf19b2c753254ed0bafa11c635ab07670db32c

  • SHA256

    490ba5c3e2409bf961484b16cba91c2539609bb04b10c69d0a2e5c76889242bf

  • SHA512

    898a492001724bf52cee0fdee167da15447395424333eb5f9fe28355929207dd9d375743c80d0d259bee8bf8a2abe24effb677e0f0b8210a8f742a9e318c62ea

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe
    "C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1436
    • C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe
      "C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe"
      2⤵
        PID:1004
      • C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe
        "C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe"
        2⤵
          PID:740
        • C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe
          "C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe"
          2⤵
            PID:640
          • C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe
            "C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe"
            2⤵
              PID:1728
            • C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe
              "C:\Users\Admin\AppData\Local\Temp\Quote USD$ Prices For Items.exe"
              2⤵
                PID:112

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1436-54-0x00000000001E0000-0x00000000002CE000-memory.dmp

              Filesize

              952KB

              Download

            • memory/1436-55-0x00000000004C0000-0x00000000004D0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/1436-56-0x00000000055B0000-0x000000000566E000-memory.dmp

              Filesize

              760KB

              Download

            • memory/1436-57-0x0000000004FA0000-0x0000000005028000-memory.dmp

              Filesize

              544KB

              Download