Analysis
max time kernel: 119s
max time network: 122s
platform: windows7_x64
resource: win7-20231025-en
resource tags: arch:x64 arch:x86 image:win7-20231025-en locale:en-us os:windows7-x64 system
submitted: 27-10-2023 09:45
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
URGENT RFQ! RFP82810.exe
Resource
win7-20231025-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
URGENT RFQ! RFP82810.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
8 signatures
150 seconds
General
Target: URGENT RFQ! RFP82810.exe
Size: 329KB
MD5: 42df97789a51cb7ba473e6f447e83989
SHA1: 400e3f2bc880dd690e4dcbfd8024995e83347d9d
SHA256: 73dc704c3a82e161c621cdbd9164c9ee86ccb8b7fa0dcfc8f03ce40335c8604e
SHA512: 0b3b26bb8d131fc506d9e3be57b1ef7d9c51f46a7dc9529bc4657a90767e09997e5675c91a2e83772ab4602b2c923d840ff5c708a831c24cf38b570eec6c023d
SSDEEP: 6144:/CKQBMNitGsC/UJiQ2+423iCn3XgIqFsPe35bgaGPEQD:/fQ67sCYiX23PXbqL35bgaGf
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: URGENT RFQ! RFP82810.exe
description | pid | process | target process
PID 2332 wrote to memory of 2068 | 2332 | URGENT RFQ! RFP82810.exe | RegAsm.exe
PID 2332 wrote to memory of 2068 | 2332 | URGENT RFQ! RFP82810.exe | RegAsm.exe
PID 2332 wrote to memory of 2068 | 2332 | URGENT RFQ! RFP82810.exe | RegAsm.exe
PID 2332 wrote to memory of 2068 | 2332 | URGENT RFQ! RFP82810.exe | RegAsm.exe
PID 2332 wrote to memory of 2068 | 2332 | URGENT RFQ! RFP82810.exe | RegAsm.exe
PID 2332 wrote to memory of 2068 | 2332 | URGENT RFQ! RFP82810.exe | RegAsm.exe
PID 2332 wrote to memory of 2068 | 2332 | URGENT RFQ! RFP82810.exe | RegAsm.exe
Processes
C:\Users\Admin\AppData\Local\Temp\URGENT RFQ! RFP82810.exe
"C:\Users\Admin\AppData\Local\Temp\URGENT RFQ! RFP82810.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2332
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    PID: 2068