Overview

overview

10

Static

static

RFQ NO. 44...63.exe

windows7_x64

10

RFQ NO. 44...63.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 18:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RFQ NO. 4400008663.exe

  • Size

    720KB

  • MD5

    dc26f87b2a4b65908a89673d1a4bf4d3

  • SHA1

    fe9c81cafac65c5b78a8b6fd629f7d69ed1f2f05

  • SHA256

    ff6459ca52183c69be1ef1764b9a1cd4c3436d2713483bf5ad219d2bff0d439e

  • SHA512

    3218d19985bd0c4cde21f1bf06d881016e9471c1e9ebe935709e3c493d3c9517a5232d8791152195aff7ab81182efe0434c824b85e364e30a5ffa6a519851b6b

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ NO. 4400008663.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ NO. 4400008663.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2512-130-0x0000000000310000-0x00000000003CA000-memory.dmp

    Filesize

    744KB

    Download

  • memory/2512-131-0x0000000005290000-0x0000000005834000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2512-132-0x0000000004D80000-0x0000000004E12000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2512-133-0x0000000004D60000-0x0000000004D6A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2512-134-0x00000000051A0000-0x000000000523C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2512-135-0x0000000005940000-0x00000000059A6000-memory.dmp

    Filesize

    408KB

    Download