4900b43d5fd24f95b56bc3777deeeb6d972f0e7863b988620bfb65bf48a6f2b2

Analysis

max time kernel
154s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 07:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RFQ_4183321000004562E20000.exe
Size

150.0MB
MD5

379450e55ebb28dfdab7e41b314325c4
SHA1

cdf9ff655925aa8fbd8b8f98285374ae1c122971
SHA256

bf6597b26b2649f2850ba9daa3ee4fbd2d46cbb3ded37cb659137eb5f37893b8
SHA512

dc5bf8483462a638d004240856d65d53b0b79779e6a9b1d05266c06ae1969f422b32a9b73f8daad38ca9ef99226caaa56526c19f708d3edff727e302c47892db
SSDEEP

6144:S2MApbs63Hn2Y594nAqkXJWgPZhZ1L5NGikZF3NjhpH3565Xnnzf0sv4jctw:Zbx4nByJ7PvZ5DwN

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3628 set thread context of 3416	3628	RFQ_4183321000004562E20000.exe	105

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe
3628	RFQ_4183321000004562E20000.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3628	RFQ_4183321000004562E20000.exe
Token: SeDebugPrivilege	3628	RFQ_4183321000004562E20000.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 4660	3628	RFQ_4183321000004562E20000.exe	98
PID 3628 wrote to memory of 4660	3628	RFQ_4183321000004562E20000.exe	98
PID 3628 wrote to memory of 3576	3628	RFQ_4183321000004562E20000.exe	99
PID 3628 wrote to memory of 3576	3628	RFQ_4183321000004562E20000.exe	99
PID 3628 wrote to memory of 4436	3628	RFQ_4183321000004562E20000.exe	100
PID 3628 wrote to memory of 4436	3628	RFQ_4183321000004562E20000.exe	100
PID 3628 wrote to memory of 4944	3628	RFQ_4183321000004562E20000.exe	101
PID 3628 wrote to memory of 4944	3628	RFQ_4183321000004562E20000.exe	101
PID 3628 wrote to memory of 4716	3628	RFQ_4183321000004562E20000.exe	102
PID 3628 wrote to memory of 4716	3628	RFQ_4183321000004562E20000.exe	102
PID 3628 wrote to memory of 3780	3628	RFQ_4183321000004562E20000.exe	103
PID 3628 wrote to memory of 3780	3628	RFQ_4183321000004562E20000.exe	103
PID 3628 wrote to memory of 4908	3628	RFQ_4183321000004562E20000.exe	104
PID 3628 wrote to memory of 4908	3628	RFQ_4183321000004562E20000.exe	104
PID 3628 wrote to memory of 3416	3628	RFQ_4183321000004562E20000.exe	105
PID 3628 wrote to memory of 3416	3628	RFQ_4183321000004562E20000.exe	105
PID 3628 wrote to memory of 3416	3628	RFQ_4183321000004562E20000.exe	105
PID 3628 wrote to memory of 3416	3628	RFQ_4183321000004562E20000.exe	105
PID 3628 wrote to memory of 3416	3628	RFQ_4183321000004562E20000.exe	105
PID 3628 wrote to memory of 3416	3628	RFQ_4183321000004562E20000.exe	105
PID 3628 wrote to memory of 3416	3628	RFQ_4183321000004562E20000.exe	105

C:\Users\Admin\AppData\Local\Temp\RFQ_4183321000004562E20000.exe
"C:\Users\Admin\AppData\Local\Temp\RFQ_4183321000004562E20000.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:4660
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:3576
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:4436
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:4944
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:4716
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:3780
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:4908
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:3416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3712 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:4092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3416-4904-0x00007FFC4E980000-0x00007FFC4F441000-memory.dmp

Filesize
10.8MB

Download
memory/3416-4905-0x00007FFC4E980000-0x00007FFC4F441000-memory.dmp

Filesize
10.8MB

Download
memory/3416-4903-0x0000022669BF0000-0x0000022669D06000-memory.dmp

Filesize
1.1MB

Download
memory/3628-47-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-53-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-5-0x000001AEB87C0000-0x000001AEB8AAA000-memory.dmp

Filesize
2.9MB

Download
memory/3628-6-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-9-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-7-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-35-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-61-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-57-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-69-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-67-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-65-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-63-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-59-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-55-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-37-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-51-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-50-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-43-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-41-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-39-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-0-0x00007FFC4E983000-0x00007FFC4E985000-memory.dmp

Filesize
8KB

Download
memory/3628-4-0x00007FFC4E980000-0x00007FFC4F441000-memory.dmp

Filesize
10.8MB

Download
memory/3628-45-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-4894-0x000001AEB8AB0000-0x000001AEB8BD8000-memory.dmp

Filesize
1.2MB

Download
memory/3628-29-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-27-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-25-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-15-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-13-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-33-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-23-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-11-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-21-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-19-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-17-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-4892-0x00007FFC4E980000-0x00007FFC4F441000-memory.dmp

Filesize
10.8MB

Download
memory/3628-4893-0x000001AEB8550000-0x000001AEB8556000-memory.dmp

Filesize
24KB

Download
memory/3628-31-0x000001AEB87C0000-0x000001AEB8AA5000-memory.dmp

Filesize
2.9MB

Download
memory/3628-4895-0x000001AEB8BE0000-0x000001AEB8C2C000-memory.dmp

Filesize
304KB

Download
memory/3628-4896-0x00007FFC4E980000-0x00007FFC4F441000-memory.dmp

Filesize
10.8MB

Download
memory/3628-4897-0x000001AEB8E30000-0x000001AEB8E84000-memory.dmp

Filesize
336KB

Download
memory/3628-4902-0x00007FFC4E980000-0x00007FFC4F441000-memory.dmp

Filesize
10.8MB

Download
memory/3628-3-0x00007FFC4E983000-0x00007FFC4E985000-memory.dmp

Filesize
8KB

Download
memory/3628-2-0x00007FFC4E980000-0x00007FFC4F441000-memory.dmp

Filesize
10.8MB

Download
memory/3628-1-0x000001AE9E050000-0x000001AE9E0C8000-memory.dmp

Filesize
480KB

Download