a5eb9c7fce3e3b97a05265f49936170b4a4009d611cf0cc16ec802ddadc433ad

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 14:03

Target

URGENT QUOTATION.exe
Size

970KB
MD5

d11648713e4787d3f44fc74dbb2528d0
SHA1

ae249089905bedbe36285620503d744b7bd50227
SHA256

53d7bc7f973e349fd37b7770de19baa1505222077d12a7f72dc62119a9f28852
SHA512

b9dd63cb0f7b681c0f72d4fa81e614f79953d356c3a56f6bd41e05a75284bcc7c54763b9c9b1e0ff8f1d607320f06d72f7940f441bb0750e60d7745f0159d85b
SSDEEP

24576:8sOT8w1RpEJrOAerGasN/9GwHDNKBVH1iU76:8R8MjmrUWclB6J

Score

7^/10

agilenet

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

resource	yara_rule
behavioral1/memory/1992-7-0x0000000000A10000-0x0000000000A1A000-memory.dmp	agile_net

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2600	1992	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1992	URGENT QUOTATION.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2600	1992	URGENT QUOTATION.exe	28
PID 1992 wrote to memory of 2600	1992	URGENT QUOTATION.exe	28
PID 1992 wrote to memory of 2600	1992	URGENT QUOTATION.exe	28
PID 1992 wrote to memory of 2600	1992	URGENT QUOTATION.exe	28

C:\Users\Admin\AppData\Local\Temp\URGENT QUOTATION.exe
"C:\Users\Admin\AppData\Local\Temp\URGENT QUOTATION.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 664
  2⤵
  - Program crash
  PID:2600

memory/1992-0-0x000000007493E000-0x000000007493F000-memory.dmp

Filesize
4KB

Download
memory/1992-1-0x0000000000A70000-0x0000000000B68000-memory.dmp

Filesize
992KB

Download
memory/1992-2-0x0000000000630000-0x0000000000660000-memory.dmp

Filesize
192KB

Download
memory/1992-3-0x0000000074930000-0x000000007501E000-memory.dmp

Filesize
6.9MB

Download
memory/1992-4-0x000000007493E000-0x000000007493F000-memory.dmp

Filesize
4KB

Download
memory/1992-5-0x0000000000670000-0x0000000000678000-memory.dmp

Filesize
32KB

Download
memory/1992-6-0x0000000000680000-0x000000000068E000-memory.dmp

Filesize
56KB

Download
memory/1992-7-0x0000000000A10000-0x0000000000A1A000-memory.dmp

Filesize
40KB

Download
memory/1992-8-0x0000000074930000-0x000000007501E000-memory.dmp

Filesize
6.9MB

Download