a0016d969edbfab699ce970aadcb9853478bcb21de4fd8a3c9131953185e8084

Analysis

max time kernel
148s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28-08-2023 10:13

Target

RFQSA,PROJECTENQ-0090FOBUSD.exe
Size

584KB
MD5

cab00c7d38e22b577abd3fb0679aa231
SHA1

6af98a27937989d4a10e2390c99552c5cb9a2695
SHA256

ac254c8f30ac538efa1c6774d3b7e6a1b379af081c6cb15d36440e4913bc41c1
SHA512

85bd383e2af799eba6d92c6f5a1cc0507a4e6d578c0c11ac5afc5cac06449072293e94aaa76302ca3d7aa570a99dd74a07325d98f8a92800cb6322cde654e950
SSDEEP

12288:Byd04uf1RZga7CcluTo/OpkccX9ZR/FjRGCg/dq8sf70iHuBJ:sd+fqa7CcljOmccX9lRfglq8W70iOB

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2208 set thread context of 2836	2208	RFQSA,PROJECTENQ-0090FOBUSD.exe	30

Suspicious behavior: EnumeratesProcesses 27 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	RFQSA,PROJECTENQ-0090FOBUSD.exe
Token: SeDebugPrivilege	2836	RegSvcs.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2836	2208	RFQSA,PROJECTENQ-0090FOBUSD.exe	30
PID 2208 wrote to memory of 2836	2208	RFQSA,PROJECTENQ-0090FOBUSD.exe	30
PID 2208 wrote to memory of 2836	2208	RFQSA,PROJECTENQ-0090FOBUSD.exe	30
PID 2208 wrote to memory of 2836	2208	RFQSA,PROJECTENQ-0090FOBUSD.exe	30
PID 2208 wrote to memory of 2836	2208	RFQSA,PROJECTENQ-0090FOBUSD.exe	30
PID 2208 wrote to memory of 2836	2208	RFQSA,PROJECTENQ-0090FOBUSD.exe	30
PID 2208 wrote to memory of 2836	2208	RFQSA,PROJECTENQ-0090FOBUSD.exe	30
PID 2208 wrote to memory of 2836	2208	RFQSA,PROJECTENQ-0090FOBUSD.exe	30
PID 2208 wrote to memory of 2836	2208	RFQSA,PROJECTENQ-0090FOBUSD.exe	30
PID 2208 wrote to memory of 2836	2208	RFQSA,PROJECTENQ-0090FOBUSD.exe	30

memory/2208-6-0x00000000002F0000-0x00000000002FE000-memory.dmp

Filesize
56KB

Download
memory/2208-13-0x0000000074C10000-0x00000000752FE000-memory.dmp

Filesize
6.9MB

Download
memory/2208-2-0x0000000004DA0000-0x0000000004DE0000-memory.dmp

Filesize
256KB

Download
memory/2208-3-0x0000000000270000-0x0000000000284000-memory.dmp

Filesize
80KB

Download
memory/2208-4-0x0000000074C10000-0x00000000752FE000-memory.dmp

Filesize
6.9MB

Download
memory/2208-5-0x0000000004DA0000-0x0000000004DE0000-memory.dmp

Filesize
256KB

Download
memory/2208-1-0x0000000074C10000-0x00000000752FE000-memory.dmp

Filesize
6.9MB

Download
memory/2208-7-0x0000000005280000-0x00000000052F4000-memory.dmp

Filesize
464KB

Download
memory/2208-0-0x00000000001A0000-0x0000000000238000-memory.dmp

Filesize
608KB

Download
memory/2836-8-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2836-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2836-12-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2836-9-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/2836-14-0x00000000008E0000-0x0000000000BE3000-memory.dmp

Filesize
3.0MB

Download
memory/2836-15-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download