Analysis
max time kernel: 50s
max time network: 44s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 16-09-2022 09:26
Static task: static1
Behavioral task: behavioral1
Sample: quote.exe
Resource: win7-20220812-en, windows7-x64
3 signatures
150 seconds
General
Target: quote.exe
Size: 994KB
MD5: 69d7ce9779a8a758938ff6f8baff7ab2
SHA1: 0ece2b777fcf3eff03b7daf0cf66ec926203ea6b
SHA256: 0d1d2d46204e8a5447262f819a95a1862e089337c9ac59b6fcf2d3109e2857d7
SHA512: df1281f29b5f8b4dd2d8fe5f0e178678c6f4a7ba67341e337185520637c442bf0bd4bd53731ee8b36eff47fcb844bf2ff2941a86d808be6b29701e401f77a0ab
SSDEEP: 12288:0ZYcXkNlexiFEA+IHXtA9uKjCw5qqTfProXOD1P1xuypQJrnOJy:8EQ+FHXV2tKORP1x
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (5 IoCs)
Processes: quote.exe
pid     process
2016    quote.exe    (5 entries)

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: quote.exe
description                 pid     process
Token: SeDebugPrivilege     2016    quote.exe

Suspicious use of WriteProcessMemory (20 IoCs)
Processes: quote.exe
description                         pid     process      target process
PID 2016 wrote to memory of 1600    2016    quote.exe    quote.exe    (4 entries)
PID 2016 wrote to memory of 1656    2016    quote.exe    quote.exe    (4 entries)
PID 2016 wrote to memory of 1452    2016    quote.exe    quote.exe    (4 entries)
PID 2016 wrote to memory of 332     2016    quote.exe    quote.exe    (4 entries)
PID 2016 wrote to memory of 760     2016    quote.exe    quote.exe    (4 entries)
Processes
C:\Users\Admin\AppData\Local\Temp\quote.exe "C:\Users\Admin\AppData\Local\Temp\quote.exe" (level 1)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\quote.exe "C:\Users\Admin\AppData\Local\Temp\quote.exe" (level 2)
    C:\Users\Admin\AppData\Local\Temp\quote.exe "C:\Users\Admin\AppData\Local\Temp\quote.exe" (level 2)
    C:\Users\Admin\AppData\Local\Temp\quote.exe "C:\Users\Admin\AppData\Local\Temp\quote.exe" (level 2)
    C:\Users\Admin\AppData\Local\Temp\quote.exe "C:\Users\Admin\AppData\Local\Temp\quote.exe" (level 2)
    C:\Users\Admin\AppData\Local\Temp\quote.exe "C:\Users\Admin\AppData\Local\Temp\quote.exe" (level 2)
Network
MITRE ATT&CK Matrix
Downloads
memory/2016-54-0x0000000000340000-0x000000000043E000-memory.dmp (file size: 1016KB)
memory/2016-55-0x0000000075561000-0x0000000075563000-memory.dmp (file size: 8KB)
memory/2016-56-0x0000000000580000-0x0000000000596000-memory.dmp (file size: 88KB)
memory/2016-57-0x0000000000590000-0x000000000059C000-memory.dmp (file size: 48KB)
memory/2016-58-0x00000000056A0000-0x000000000572E000-memory.dmp (file size: 568KB)
memory/2016-59-0x00000000041E0000-0x0000000004214000-memory.dmp (file size: 208KB)