345ee7b880ac218791ab8a28cc5c6506061908b5b9d86c891c89b6315973fcb6

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
03-10-2023 06:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe
Size

692KB
MD5

5789d948bc397cc097865c8ea4517332
SHA1

5eb8df1ef80f2ff2803227384da7a5be4dfaafc4
SHA256

76a42df2c67754d0679cc28aefab1ea8092d7f98f75aebad4baf7ea21121e1c5
SHA512

d0f83c397b0648434425408a8e8c68127f5740d884f56394848e8300956b88d1e4d7ec1441273c29adef519021dcd6985b2a49a9b19fd904726453f5e8eaf5aa
SSDEEP

12288:i1ziSAx5PWPQbW8hRYapg/r6VJ9myKsEFXqquHDQxcPTXXvdDiTV:ix7Ax5uPMg2NHKsEF5uHsirvdOV

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe
2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe
2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe
2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe
2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2220	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	28
PID 2204 wrote to memory of 2220	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	28
PID 2204 wrote to memory of 2220	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	28
PID 2204 wrote to memory of 2220	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	28
PID 2204 wrote to memory of 1708	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	29
PID 2204 wrote to memory of 1708	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	29
PID 2204 wrote to memory of 1708	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	29
PID 2204 wrote to memory of 1708	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	29
PID 2204 wrote to memory of 1868	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	30
PID 2204 wrote to memory of 1868	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	30
PID 2204 wrote to memory of 1868	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	30
PID 2204 wrote to memory of 1868	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	30
PID 2204 wrote to memory of 2032	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	31
PID 2204 wrote to memory of 2032	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	31
PID 2204 wrote to memory of 2032	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	31
PID 2204 wrote to memory of 2032	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	31
PID 2204 wrote to memory of 1876	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	32
PID 2204 wrote to memory of 1876	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	32
PID 2204 wrote to memory of 1876	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	32
PID 2204 wrote to memory of 1876	2204	Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe	32

C:\Users\Admin\AppData\Local\Temp\Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe
"C:\Users\Admin\AppData\Local\Temp\Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe
  "C:\Users\Admin\AppData\Local\Temp\Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe"
  2⤵
  PID:2220
- C:\Users\Admin\AppData\Local\Temp\Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe
  "C:\Users\Admin\AppData\Local\Temp\Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe"
  2⤵
  PID:1708
- C:\Users\Admin\AppData\Local\Temp\Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe
  "C:\Users\Admin\AppData\Local\Temp\Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe"
  2⤵
  PID:1868
- C:\Users\Admin\AppData\Local\Temp\Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe
  "C:\Users\Admin\AppData\Local\Temp\Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe"
  2⤵
  PID:2032
- C:\Users\Admin\AppData\Local\Temp\Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe
  "C:\Users\Admin\AppData\Local\Temp\Urgent RFQ October 2023 Req. Offer 15492023-pdf.exe"
  2⤵
  PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2204-1-0x0000000073F10000-0x00000000745FE000-memory.dmp

Filesize
6.9MB

Download
memory/2204-0-0x0000000000370000-0x0000000000422000-memory.dmp

Filesize
712KB

Download
memory/2204-2-0x0000000004E20000-0x0000000004E60000-memory.dmp

Filesize
256KB

Download
memory/2204-3-0x0000000000480000-0x0000000000492000-memory.dmp

Filesize
72KB

Download
memory/2204-4-0x0000000073F10000-0x00000000745FE000-memory.dmp

Filesize
6.9MB

Download
memory/2204-5-0x0000000004E20000-0x0000000004E60000-memory.dmp

Filesize
256KB

Download
memory/2204-6-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download
memory/2204-7-0x0000000000650000-0x000000000065C000-memory.dmp

Filesize
48KB

Download
memory/2204-8-0x0000000004F40000-0x0000000004FBC000-memory.dmp

Filesize
496KB

Download
memory/2204-9-0x0000000073F10000-0x00000000745FE000-memory.dmp

Filesize
6.9MB

Download