dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205

Analysis

max time kernel
49s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-05-2023 14:06

Target

Quote 1345 rev.3.exe
Size

1.6MB
MD5

e90e41677f6030ffc3eac62929ced1d9
SHA1

edb0a2acdec33328a864ac178bfb0b42a2e0d444
SHA256

dafbb2a0e6111947e20d5916eae5c2a56937dec2c6c4e1843ce29ceefd22f205
SHA512

a2e20c8b160c366baed60adca173587e5c3b94b811f4f52ac3aaab01a0301716e30cc7c7d2a426ee32a6df651021717e4fe097073610860a949e7933468e10fa
SSDEEP

24576:KRKQxWUF61/J27K4mgZB67gTsD6RROjiDefziWX2GDjGBXtnZYx:K4QcUFO34mg367gTOwMMohjw9Z+

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1304	Quote 1345 rev.3.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 1136	1304	Quote 1345 rev.3.exe	27
PID 1304 wrote to memory of 1136	1304	Quote 1345 rev.3.exe	27
PID 1304 wrote to memory of 1136	1304	Quote 1345 rev.3.exe	27
PID 1304 wrote to memory of 1136	1304	Quote 1345 rev.3.exe	27
PID 1304 wrote to memory of 608	1304	Quote 1345 rev.3.exe	28
PID 1304 wrote to memory of 608	1304	Quote 1345 rev.3.exe	28
PID 1304 wrote to memory of 608	1304	Quote 1345 rev.3.exe	28
PID 1304 wrote to memory of 608	1304	Quote 1345 rev.3.exe	28
PID 1304 wrote to memory of 1844	1304	Quote 1345 rev.3.exe	29
PID 1304 wrote to memory of 1844	1304	Quote 1345 rev.3.exe	29
PID 1304 wrote to memory of 1844	1304	Quote 1345 rev.3.exe	29
PID 1304 wrote to memory of 1844	1304	Quote 1345 rev.3.exe	29
PID 1304 wrote to memory of 520	1304	Quote 1345 rev.3.exe	30
PID 1304 wrote to memory of 520	1304	Quote 1345 rev.3.exe	30
PID 1304 wrote to memory of 520	1304	Quote 1345 rev.3.exe	30
PID 1304 wrote to memory of 520	1304	Quote 1345 rev.3.exe	30
PID 1304 wrote to memory of 268	1304	Quote 1345 rev.3.exe	31
PID 1304 wrote to memory of 268	1304	Quote 1345 rev.3.exe	31
PID 1304 wrote to memory of 268	1304	Quote 1345 rev.3.exe	31
PID 1304 wrote to memory of 268	1304	Quote 1345 rev.3.exe	31

C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe
"C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe
  "C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe"
  2⤵
  PID:1136
- C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe
  "C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe"
  2⤵
  PID:608
- C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe
  "C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe"
  2⤵
  PID:1844
- C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe
  "C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe"
  2⤵
  PID:520
- C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe
  "C:\Users\Admin\AppData\Local\Temp\Quote 1345 rev.3.exe"
  2⤵
  PID:268

memory/1304-54-0x0000000000320000-0x00000000004C0000-memory.dmp

Filesize
1.6MB

Download
memory/1304-55-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download
memory/1304-56-0x0000000000690000-0x00000000006A2000-memory.dmp

Filesize
72KB

Download
memory/1304-57-0x0000000004D40000-0x0000000004D80000-memory.dmp

Filesize
256KB

Download
memory/1304-58-0x0000000000770000-0x000000000077C000-memory.dmp

Filesize
48KB

Download
memory/1304-59-0x0000000007D00000-0x0000000007E38000-memory.dmp

Filesize
1.2MB

Download
memory/1304-60-0x0000000007F80000-0x0000000008130000-memory.dmp

Filesize
1.7MB

Download