Analysis

  • max time kernel
    81s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/10/2022, 20:01

General

  • Target

    Quotation 911799 - EM0927221.exe

  • Size

    16KB

  • MD5

    231ad9c20a81eb767a323a3f6b4ea06c

  • SHA1

    c45fbb7191c7bbced7a36e5f99e8b9172646d36b

  • SHA256

    824d3bd784dd2059a97bc67dc980c0c7ae3755426332997e12dd4bb3b8d15003

  • SHA512

    f2bc856cd5d93149b6defb42fe31baea2e71a8d0e1097aece883ee54c725da13bda8a5c43f658d5ba3315c7162ac60b7f45de2de7eea576100c666d3183c1f89

  • SSDEEP

    384:N7a1+AjL2phZU+n6gmSIISSSSSISSSpvKACPOW:iI4A6VVCGW

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Quotation 911799 - EM0927221.exe
    "C:\Users\Admin\AppData\Local\Temp\Quotation 911799 - EM0927221.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4396
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 1356
      2⤵
      • Program crash
      PID:3772
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4396 -ip 4396
    1⤵
      PID:3492

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4396-132-0x0000000000150000-0x000000000015A000-memory.dmp

    Filesize

    40KB