Overview

overview

10

Static

static

quote.exe

windows7-x64

1

quote.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    50s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    16-09-2022 09:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    quote.exe

  • Size

    994KB

  • MD5

    69d7ce9779a8a758938ff6f8baff7ab2

  • SHA1

    0ece2b777fcf3eff03b7daf0cf66ec926203ea6b

  • SHA256

    0d1d2d46204e8a5447262f819a95a1862e089337c9ac59b6fcf2d3109e2857d7

  • SHA512

    df1281f29b5f8b4dd2d8fe5f0e178678c6f4a7ba67341e337185520637c442bf0bd4bd53731ee8b36eff47fcb844bf2ff2941a86d808be6b29701e401f77a0ab

  • SSDEEP

    12288:0ZYcXkNlexiFEA+IHXtA9uKjCw5qqTfProXOD1P1xuypQJrnOJy:8EQ+FHXV2tKORP1x

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\quote.exe
    "C:\Users\Admin\AppData\Local\Temp\quote.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\quote.exe
      "C:\Users\Admin\AppData\Local\Temp\quote.exe"
      2⤵
        PID:1600
      • C:\Users\Admin\AppData\Local\Temp\quote.exe
        "C:\Users\Admin\AppData\Local\Temp\quote.exe"
        2⤵
          PID:1656
        • C:\Users\Admin\AppData\Local\Temp\quote.exe
          "C:\Users\Admin\AppData\Local\Temp\quote.exe"
          2⤵
            PID:1452
          • C:\Users\Admin\AppData\Local\Temp\quote.exe
            "C:\Users\Admin\AppData\Local\Temp\quote.exe"
            2⤵
              PID:332
            • C:\Users\Admin\AppData\Local\Temp\quote.exe
              "C:\Users\Admin\AppData\Local\Temp\quote.exe"
              2⤵
                PID:760

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2016-54-0x0000000000340000-0x000000000043E000-memory.dmp
              Filesize

              1016KB

              Download
            • memory/2016-55-0x0000000075561000-0x0000000075563000-memory.dmp
              Filesize

              8KB

              Download
            • memory/2016-56-0x0000000000580000-0x0000000000596000-memory.dmp
              Filesize

              88KB

              Download
            • memory/2016-57-0x0000000000590000-0x000000000059C000-memory.dmp
              Filesize

              48KB

              Download
            • memory/2016-58-0x00000000056A0000-0x000000000572E000-memory.dmp
              Filesize

              568KB

              Download
            • memory/2016-59-0x00000000041E0000-0x0000000004214000-memory.dmp
              Filesize

              208KB

              Download