374bd46f94cdf56eb2775ec23f0b70e8179541f348de2959a4a885b8f22af99c

Analysis

max time kernel
46s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08-05-2023 13:30

Target

Request for Quotation.exe
Size

1.4MB
MD5

235c2d00b691656b63a715eac1e7511b
SHA1

511e1e3646ad2ca0012709c56544ca9497b969e0
SHA256

374bd46f94cdf56eb2775ec23f0b70e8179541f348de2959a4a885b8f22af99c
SHA512

f0432f5f5668af790b8959a0cdd75236389cc0a3af2c033e04d92066373207d935f7a75261a0e46a9339fc8d083097555ea9a5c6f032310c54c4659dc7913ec3
SSDEEP

24576:AR8UY0b6vrCWFHojNYhS8vE1BiCJQwcGJVdOeyYZ3pnFchs1D3x3PWh:28emvrCmIjNYJv+BxHcGJy+3pnFcWpNP

Score

1^/10

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1060	Request for Quotation.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 372	1060	Request for Quotation.exe	27
PID 1060 wrote to memory of 372	1060	Request for Quotation.exe	27
PID 1060 wrote to memory of 372	1060	Request for Quotation.exe	27
PID 1060 wrote to memory of 372	1060	Request for Quotation.exe	27
PID 1060 wrote to memory of 524	1060	Request for Quotation.exe	28
PID 1060 wrote to memory of 524	1060	Request for Quotation.exe	28
PID 1060 wrote to memory of 524	1060	Request for Quotation.exe	28
PID 1060 wrote to memory of 524	1060	Request for Quotation.exe	28
PID 1060 wrote to memory of 368	1060	Request for Quotation.exe	29
PID 1060 wrote to memory of 368	1060	Request for Quotation.exe	29
PID 1060 wrote to memory of 368	1060	Request for Quotation.exe	29
PID 1060 wrote to memory of 368	1060	Request for Quotation.exe	29
PID 1060 wrote to memory of 1344	1060	Request for Quotation.exe	30
PID 1060 wrote to memory of 1344	1060	Request for Quotation.exe	30
PID 1060 wrote to memory of 1344	1060	Request for Quotation.exe	30
PID 1060 wrote to memory of 1344	1060	Request for Quotation.exe	30
PID 1060 wrote to memory of 1704	1060	Request for Quotation.exe	31
PID 1060 wrote to memory of 1704	1060	Request for Quotation.exe	31
PID 1060 wrote to memory of 1704	1060	Request for Quotation.exe	31
PID 1060 wrote to memory of 1704	1060	Request for Quotation.exe	31

C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe
"C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe
  "C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe"
  2⤵
  PID:372
- C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe
  "C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe"
  2⤵
  PID:524
- C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe
  "C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe"
  2⤵
  PID:368
- C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe
  "C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe"
  2⤵
  PID:1344
- C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe
  "C:\Users\Admin\AppData\Local\Temp\Request for Quotation.exe"
  2⤵
  PID:1704

memory/1060-54-0x0000000000320000-0x0000000000482000-memory.dmp

Filesize
1.4MB

Download
memory/1060-55-0x00000000007B0000-0x00000000007F0000-memory.dmp

Filesize
256KB

Download
memory/1060-56-0x00000000004B0000-0x00000000004BC000-memory.dmp

Filesize
48KB

Download
memory/1060-57-0x00000000004D0000-0x00000000004DA000-memory.dmp

Filesize
40KB

Download
memory/1060-58-0x0000000008360000-0x0000000008498000-memory.dmp

Filesize
1.2MB

Download
memory/1060-59-0x000000000ACB0000-0x000000000AE60000-memory.dmp

Filesize
1.7MB

Download