Overview

overview

10

Static

static

3

Request fo...df.exe

windows7-x64

1

Request fo...df.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25-03-2024 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Request for Quotation...pdf.exe

  • Size

    885KB

  • MD5

    c489912068a72c74eb218562beeaaf8a

  • SHA1

    6348afcd2c4645d983f6982bc3271646a3049fd5

  • SHA256

    78ddeffb28de453b1235da58833f3e8532635bf556fb2ef23e25aa58b15506b0

  • SHA512

    3d0ad7e47472b69026658d64017cc8aa30843c5757b521bb6edc7fdf8ec9a3bff889233ab38c8b3e58308beea2c150498ff78edef01b93107b3843881618b4b3

  • SSDEEP

    12288:E3hYkBcPwb/nRlnGWsDzvFXQKoXVtnL+BpD2ePG72HrV7:hK/RlnE58fnKrvPG7gr

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Request for Quotation...pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\Request for Quotation...pdf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Users\Admin\AppData\Local\Temp\Request for Quotation...pdf.exe
      "C:\Users\Admin\AppData\Local\Temp\Request for Quotation...pdf.exe"
      2⤵
        PID:2444
      • C:\Users\Admin\AppData\Local\Temp\Request for Quotation...pdf.exe
        "C:\Users\Admin\AppData\Local\Temp\Request for Quotation...pdf.exe"
        2⤵
          PID:2476
        • C:\Users\Admin\AppData\Local\Temp\Request for Quotation...pdf.exe
          "C:\Users\Admin\AppData\Local\Temp\Request for Quotation...pdf.exe"
          2⤵
            PID:2488
          • C:\Users\Admin\AppData\Local\Temp\Request for Quotation...pdf.exe
            "C:\Users\Admin\AppData\Local\Temp\Request for Quotation...pdf.exe"
            2⤵
              PID:1992
            • C:\Users\Admin\AppData\Local\Temp\Request for Quotation...pdf.exe
              "C:\Users\Admin\AppData\Local\Temp\Request for Quotation...pdf.exe"
              2⤵
                PID:2924

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2168-1-0x00000000748E0000-0x0000000074FCE000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/2168-0-0x0000000000370000-0x0000000000454000-memory.dmp
              Filesize

              912KB

              Download
            • memory/2168-2-0x0000000004DE0000-0x0000000004E20000-memory.dmp
              Filesize

              256KB

              Download
            • memory/2168-3-0x0000000000650000-0x0000000000668000-memory.dmp
              Filesize

              96KB

              Download
            • memory/2168-4-0x00000000748E0000-0x0000000074FCE000-memory.dmp
              Filesize

              6.9MB

              Download
            • memory/2168-5-0x0000000004DE0000-0x0000000004E20000-memory.dmp
              Filesize

              256KB

              Download
            • memory/2168-6-0x0000000005850000-0x0000000005900000-memory.dmp
              Filesize

              704KB

              Download
            • memory/2168-7-0x0000000000850000-0x0000000000890000-memory.dmp
              Filesize

              256KB

              Download
            • memory/2168-8-0x00000000748E0000-0x0000000074FCE000-memory.dmp
              Filesize

              6.9MB

              Download