5e9d8944a5b442d07e6f84087cbc5be0aac921acd6d48c3c51cbd659755bf671

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2023 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RFQ410000003438995755100004.exe
Size

50.0MB
MD5

67b5cb033c2e594700892d3d816167a3
SHA1

e3cba46a5b06af6900df801cbb93c069b4617317
SHA256

7926ce87de7fbcd875b3807137e9f22edb6e537410952f41094edcdac79e4d14
SHA512

adbfe696689ab6fb95cb68d6537565ef47453abfc7fdaaa4e568e4d465156b414c1d118e33c30d07cee9d7ed40222be688847b38bb89fc50cf56812f7536659f
SSDEEP

768:tJXX35YpGtuS+rmbWH2pTQJkLASChYHBFvetUGv006MF+DvsYHWwqDrOjfuohAcq:tBiGtujX2OKLsI3o6q+DvsTru/HDU

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 464 set thread context of 4316	464	RFQ410000003438995755100004.exe	90

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4316	MSBuild.exe
4316	MSBuild.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	464	RFQ410000003438995755100004.exe
Token: SeDebugPrivilege	4316	MSBuild.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 4316	464	RFQ410000003438995755100004.exe	90
PID 464 wrote to memory of 4316	464	RFQ410000003438995755100004.exe	90
PID 464 wrote to memory of 4316	464	RFQ410000003438995755100004.exe	90
PID 464 wrote to memory of 4316	464	RFQ410000003438995755100004.exe	90
PID 464 wrote to memory of 4316	464	RFQ410000003438995755100004.exe	90
PID 464 wrote to memory of 4316	464	RFQ410000003438995755100004.exe	90

C:\Users\Admin\AppData\Local\Temp\RFQ410000003438995755100004.exe
"C:\Users\Admin\AppData\Local\Temp\RFQ410000003438995755100004.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:464
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/464-173-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-197-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-135-0x000002124E3C0000-0x000002124E3D0000-memory.dmp

Filesize
64KB

Download
memory/464-136-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-137-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-139-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-141-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-143-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-145-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-147-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-149-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-151-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-153-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-155-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-157-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-159-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-133-0x000002124C740000-0x000002124C760000-memory.dmp

Filesize
128KB

Download
memory/464-163-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-165-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-167-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-169-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-171-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-177-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-175-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-161-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-179-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-181-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-183-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-185-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-187-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-189-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-191-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-193-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-195-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-134-0x00007FFD03030000-0x00007FFD03AF1000-memory.dmp

Filesize
10.8MB

Download
memory/464-199-0x0000021267C80000-0x0000021267DF7000-memory.dmp

Filesize
1.5MB

Download
memory/464-509-0x00007FFD03030000-0x00007FFD03AF1000-memory.dmp

Filesize
10.8MB

Download
memory/464-702-0x000002124E3C0000-0x000002124E3D0000-memory.dmp

Filesize
64KB

Download
memory/464-1214-0x000002124E3E0000-0x000002124E3E1000-memory.dmp

Filesize
4KB

Download
memory/464-1215-0x000002124E3C0000-0x000002124E3D0000-memory.dmp

Filesize
64KB

Download
memory/464-1219-0x00007FFD03030000-0x00007FFD03AF1000-memory.dmp

Filesize
10.8MB

Download
memory/4316-1220-0x00007FFD03030000-0x00007FFD03AF1000-memory.dmp

Filesize
10.8MB

Download
memory/4316-1218-0x0000000140000000-0x00000001400D0000-memory.dmp

Filesize
832KB

Download
memory/4316-1221-0x00000263F1870000-0x00000263F1880000-memory.dmp

Filesize
64KB

Download
memory/4316-2597-0x00007FFD03030000-0x00007FFD03AF1000-memory.dmp

Filesize
10.8MB

Download
memory/4316-3432-0x00007FFD03030000-0x00007FFD03AF1000-memory.dmp

Filesize
10.8MB

Download