a0016d969edbfab699ce970aadcb9853478bcb21de4fd8a3c9131953185e8084

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 10:13

Target

RFQSA,PROJECTENQ-0090FOBUSD.exe
Size

584KB
MD5

cab00c7d38e22b577abd3fb0679aa231
SHA1

6af98a27937989d4a10e2390c99552c5cb9a2695
SHA256

ac254c8f30ac538efa1c6774d3b7e6a1b379af081c6cb15d36440e4913bc41c1
SHA512

85bd383e2af799eba6d92c6f5a1cc0507a4e6d578c0c11ac5afc5cac06449072293e94aaa76302ca3d7aa570a99dd74a07325d98f8a92800cb6322cde654e950
SSDEEP

12288:Byd04uf1RZga7CcluTo/OpkccX9ZR/FjRGCg/dq8sf70iHuBJ:sd+fqa7CcljOmccX9lRfglq8W70iOB

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1404 set thread context of 4192	1404	RFQSA,PROJECTENQ-0090FOBUSD.exe	85

Suspicious behavior: EnumeratesProcesses 52 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1404	RFQSA,PROJECTENQ-0090FOBUSD.exe
Token: SeDebugPrivilege	4192	RegSvcs.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 4192	1404	RFQSA,PROJECTENQ-0090FOBUSD.exe	85
PID 1404 wrote to memory of 4192	1404	RFQSA,PROJECTENQ-0090FOBUSD.exe	85
PID 1404 wrote to memory of 4192	1404	RFQSA,PROJECTENQ-0090FOBUSD.exe	85
PID 1404 wrote to memory of 4192	1404	RFQSA,PROJECTENQ-0090FOBUSD.exe	85
PID 1404 wrote to memory of 4192	1404	RFQSA,PROJECTENQ-0090FOBUSD.exe	85
PID 1404 wrote to memory of 4192	1404	RFQSA,PROJECTENQ-0090FOBUSD.exe	85

memory/1404-6-0x0000000005170000-0x000000000520C000-memory.dmp

Filesize
624KB

Download
memory/1404-1-0x00000000003F0000-0x0000000000488000-memory.dmp

Filesize
608KB

Download
memory/1404-2-0x00000000053C0000-0x0000000005964000-memory.dmp

Filesize
5.6MB

Download
memory/1404-3-0x0000000004EB0000-0x0000000004F42000-memory.dmp

Filesize
584KB

Download
memory/1404-4-0x00000000050C0000-0x00000000050D0000-memory.dmp

Filesize
64KB

Download
memory/1404-5-0x0000000004E80000-0x0000000004E8A000-memory.dmp

Filesize
40KB

Download
memory/1404-0-0x00000000751D0000-0x0000000075980000-memory.dmp

Filesize
7.7MB

Download
memory/1404-7-0x00000000751D0000-0x0000000075980000-memory.dmp

Filesize
7.7MB

Download
memory/1404-8-0x00000000050C0000-0x00000000050D0000-memory.dmp

Filesize
64KB

Download
memory/1404-11-0x00000000751D0000-0x0000000075980000-memory.dmp

Filesize
7.7MB

Download
memory/4192-9-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4192-12-0x0000000001870000-0x0000000001BBA000-memory.dmp

Filesize
3.3MB

Download
memory/4192-13-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download