5e9d8944a5b442d07e6f84087cbc5be0aac921acd6d48c3c51cbd659755bf671

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
18/08/2023, 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RFQ410000003438995755100004.exe
Size

50.0MB
MD5

67b5cb033c2e594700892d3d816167a3
SHA1

e3cba46a5b06af6900df801cbb93c069b4617317
SHA256

7926ce87de7fbcd875b3807137e9f22edb6e537410952f41094edcdac79e4d14
SHA512

adbfe696689ab6fb95cb68d6537565ef47453abfc7fdaaa4e568e4d465156b414c1d118e33c30d07cee9d7ed40222be688847b38bb89fc50cf56812f7536659f
SSDEEP

768:tJXX35YpGtuS+rmbWH2pTQJkLASChYHBFvetUGv006MF+DvsYHWwqDrOjfuohAcq:tBiGtujX2OKLsI3o6q+DvsTru/HDU

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2448 set thread context of 2256	2448	RFQ410000003438995755100004.exe	30

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2448	RFQ410000003438995755100004.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 2256	2448	RFQ410000003438995755100004.exe	30
PID 2448 wrote to memory of 2256	2448	RFQ410000003438995755100004.exe	30
PID 2448 wrote to memory of 2256	2448	RFQ410000003438995755100004.exe	30
PID 2448 wrote to memory of 2256	2448	RFQ410000003438995755100004.exe	30
PID 2448 wrote to memory of 2256	2448	RFQ410000003438995755100004.exe	30
PID 2448 wrote to memory of 2256	2448	RFQ410000003438995755100004.exe	30
PID 2448 wrote to memory of 2256	2448	RFQ410000003438995755100004.exe	30

C:\Users\Admin\AppData\Local\Temp\RFQ410000003438995755100004.exe
"C:\Users\Admin\AppData\Local\Temp\RFQ410000003438995755100004.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
  2⤵
  PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab8B22.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8B44.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
memory/2448-118-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-55-0x000000001B1C0000-0x000000001B240000-memory.dmp

Filesize
512KB

Download
memory/2448-54-0x000007FEF5C00000-0x000007FEF65EC000-memory.dmp

Filesize
9.9MB

Download
memory/2448-90-0x000000001F7A0000-0x000000001F91E000-memory.dmp

Filesize
1.5MB

Download
memory/2448-92-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-91-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-96-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-94-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-98-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-104-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-102-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-100-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-110-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-108-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-106-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-114-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-112-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-124-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-122-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-120-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-126-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-53-0x0000000000EF0000-0x0000000000F10000-memory.dmp

Filesize
128KB

Download
memory/2448-116-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-154-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-152-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-150-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-148-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-146-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-144-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-142-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-140-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-138-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-136-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-134-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-132-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-130-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-128-0x000000001F7A0000-0x000000001F917000-memory.dmp

Filesize
1.5MB

Download
memory/2448-247-0x000007FEF5C00000-0x000007FEF65EC000-memory.dmp

Filesize
9.9MB

Download
memory/2448-325-0x000000001B1C0000-0x000000001B240000-memory.dmp

Filesize
512KB

Download
memory/2448-1169-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/2448-1170-0x000000001E350000-0x000000001E448000-memory.dmp

Filesize
992KB

Download
memory/2448-1171-0x0000000000C60000-0x0000000000CAC000-memory.dmp

Filesize
304KB

Download
memory/2448-1172-0x000000001B1C0000-0x000000001B240000-memory.dmp

Filesize
512KB

Download
memory/2448-1179-0x000007FEF5C00000-0x000007FEF65EC000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads