Overview

overview

10

Static

static

1

RFQ for su...89.rar

windows7-x64

3

RFQ for su...89.rar

windows10-2004-x64

3

RFQ for su...89.exe

windows7-x64

1

RFQ for su...89.exe

windows10-2004-x64

10

Resubmissions

17-04-2023 16:19

230417-tsqjrsfb33 10

17-04-2023 16:08

230417-tk6wsagg5s 10

17-04-2023 15:53

230417-tbt6magg2s 10

17-04-2023 15:30

230417-sxwqxage9v 10

Analysis

  • max time kernel
    49s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    17-04-2023 15:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RFQ for supply of Stock Replenishment FI-2023-089.exe

  • Size

    833KB

  • MD5

    c3d43cf53c510fed679a621e5c9d0aea

  • SHA1

    a8d367631072c110d99369209782f8ddd6de673f

  • SHA256

    2a4fe1060c15849fad34754e02f548fc250f8749ab923f929c7497c0614c760b

  • SHA512

    19d006881997d35cc57fff45b1e216d601d83b15045dcc75f8b6b617bb797c838a7cf0c3e0eec1e016817d5f3f429650a88a914bfaa9b9deeb62af18255437a8

  • SSDEEP

    12288:El4SNuCXLzEfF0S2FXtBvFD3oNQLp1K6YZQ0MASVbNqRPXnBGTJ:EG9CvEfFv23o2LDK6WQOSVpwXnB2

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.exe
      "C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.exe"
      2⤵
        PID:1112
      • C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.exe
        "C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.exe"
        2⤵
          PID:1308
        • C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.exe
          "C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.exe"
          2⤵
            PID:1156
          • C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.exe
            "C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.exe"
            2⤵
              PID:524
            • C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.exe
              "C:\Users\Admin\AppData\Local\Temp\RFQ for supply of Stock Replenishment FI-2023-089.exe"
              2⤵
                PID:668

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/1736-54-0x00000000001D0000-0x00000000002A6000-memory.dmp

              Filesize

              856KB

              Download

            • memory/1736-55-0x0000000002050000-0x0000000002090000-memory.dmp

              Filesize

              256KB

              Download

            • memory/1736-56-0x0000000001E50000-0x0000000001E64000-memory.dmp

              Filesize

              80KB

              Download

            • memory/1736-57-0x0000000002050000-0x0000000002090000-memory.dmp

              Filesize

              256KB

              Download

            • memory/1736-58-0x0000000001E70000-0x0000000001E7C000-memory.dmp

              Filesize

              48KB

              Download

            • memory/1736-59-0x0000000005260000-0x000000000530C000-memory.dmp

              Filesize

              688KB

              Download

            • memory/1736-60-0x0000000005620000-0x0000000005696000-memory.dmp

              Filesize

              472KB

              Download