Overview

overview

7

Static

static

1

RFQ____RM ...GE.exe

windows7-x64

7

RFQ____RM ...GE.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    04/09/2023, 06:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    RFQ____RM quotation_JPEG IMAGE.exe

  • Size

    766KB

  • MD5

    eb411026d449c29c6a36ba1f1546400f

  • SHA1

    f3730d1d04eb2a844a86d5cef3237c190ff3c9ec

  • SHA256

    616ca5c757a9fcf6dce88d1e46e85b233ad05457ae6adfce1b6b53660d496841

  • SHA512

    0d0fb20c7a507e0fb1a08960f778d7d0171a6f5df28ea740bdc554e01f508556b1af179d16a9570c04995009742b9a4b85bca42ea405b61ec59366ee241c5e7b

  • SSDEEP

    12288:FmgxxY1guFc/DcbDbFlDSQ5KclNpesz5O+q2oZo+p0On9N6:sqQguFBbfFl+QocHxXoZoU05

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ____RM quotation_JPEG IMAGE.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ____RM quotation_JPEG IMAGE.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:1140

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\assda.ini
          Filesize

          81B

          MD5

          4471fd51e63dd8bdb7257d7bf2a7660d

          SHA1

          89c9268eae17f8e68549b784727b8c1050d9a0bd

          SHA256

          dafc4a87752ea0ad3e86a28a84eb9d4730eb0bbf20a574b98ebe2be4e08738de

          SHA512

          fd5aa0eaa3e8e50e06008428181becd7fcbe2bd928da52febc5397fde9dc72c2d4e6a3ed9cc17c6a472dac52749a68c4a2c39f9c40e5671cedc6b9bc8c0621f2

          Download Submit

        • C:\Windows\SysWOW64\kanylens.ini
          Filesize

          31B

          MD5

          22a71b3abbd8df7577278937b6dbabd0

          SHA1

          6b1121e9f9ada2b527f4069eecbb183a285aaeaf

          SHA256

          cf7c3380cfe6fb7418f04416062bc8f6d3fddc417fd904efc83604ee38b5bc55

          SHA512

          c70fb00cffd6ef43ba26ef563dbd6320aa8d6944ee03cb447bdfafcf5d8b84e0f0c264906ba37314e7ae34f25f63bc824814ac51fda332e893c4c647f5114038

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsj8538.tmp\System.dll
          Filesize

          11KB

          MD5

          0063d48afe5a0cdc02833145667b6641

          SHA1

          e7eb614805d183ecb1127c62decb1a6be1b4f7a8

          SHA256

          ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7

          SHA512

          71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0

          Download Submit

        • memory/1140-16599-0x0000000004000000-0x0000000006C92000-memory.dmp

          Filesize

          44.6MB

          Download

        • memory/1140-16600-0x0000000004000000-0x0000000006C92000-memory.dmp

          Filesize

          44.6MB

          Download