Analysis
-
max time kernel
142s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
06-11-2023 16:50
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
RFQ 261023.exe
Resource
win7-20231025-en
windows7-x64
12 signatures
150 seconds
Behavioral task
behavioral2
Sample
RFQ 261023.exe
Resource
win10v2004-20231023-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
RFQ 261023.exe
-
Size
349KB
-
MD5
c77ed66a06eaa6254d70a50e91fe68f6
-
SHA1
4523ac24ed151f6cd5cfceba37ad725e1a8afc0f
-
SHA256
25540f55ae5a200dd9635f60a3b62458b6d95386d0d92eab2282facc6f51084e
-
SHA512
d22fbea9fe6baa38ca6e3bd6d9324f70e9bf035a456a65751079b55968cc18920f3dbff69de97384ef2e27f27c54ea8597456f6176d035b8c220c672a992590b
-
SSDEEP
6144:tMVvcrQJL4IYYfnnZYJo57RuoGBfu9w9RzixhDeICv1M/Y8Q5AVSiwMpr5WR5oL1:2VE6VYYfIwRu7ICv1M/Y8Q5AVSiwcr5L
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
RFQ 261023.exedescription pid process target process PID 396 wrote to memory of 2572 396 RFQ 261023.exe RegAsm.exe PID 396 wrote to memory of 2572 396 RFQ 261023.exe RegAsm.exe PID 396 wrote to memory of 2572 396 RFQ 261023.exe RegAsm.exe