82eda530a922eedffda8d9d2b65d038ec7ca24029f242ad7c0e3cb429dc34538

Analysis

max time kernel
140s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 06:48

Target

QUOTATION#00343.exe
Size

1.8MB
MD5

1a42e34e1407e57bc06a09770a1c99c6
SHA1

dfb921a51dffb15f1b65dd303d25ebe9ee8f2057
SHA256

82eda530a922eedffda8d9d2b65d038ec7ca24029f242ad7c0e3cb429dc34538
SHA512

b56ea90940e2a1b67bc1b7ca05efa444a73d2ff5d136c84efec58d5b3e3714dd9a3450eaac3414e356bcb0405339c314d6d3d6d6efc6b3408ae1ee506dd59d5c
SSDEEP

49152:Wtf/Bn8MKtyNonstk42uf5xJtiuRlSW2K0KFLBJ:CDKoCok4Lf5Pt5SW2K0KlP

Score

5^/10

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/5552-4-0x0000000000400000-0x000000000054B000-memory.dmp	autoit_exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3040 set thread context of 5552	3040	QUOTATION#00343.exe	91

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3040	QUOTATION#00343.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5552	iexplore.exe
5552	iexplore.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
5552	iexplore.exe
5552	iexplore.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 5552	3040	QUOTATION#00343.exe	91
PID 3040 wrote to memory of 5552	3040	QUOTATION#00343.exe	91
PID 3040 wrote to memory of 5552	3040	QUOTATION#00343.exe	91
PID 3040 wrote to memory of 5552	3040	QUOTATION#00343.exe	91
PID 3040 wrote to memory of 5552	3040	QUOTATION#00343.exe	91
PID 3040 wrote to memory of 5552	3040	QUOTATION#00343.exe	91
PID 3040 wrote to memory of 5552	3040	QUOTATION#00343.exe	91
PID 3040 wrote to memory of 5552	3040	QUOTATION#00343.exe	91
PID 3040 wrote to memory of 5552	3040	QUOTATION#00343.exe	91
PID 3040 wrote to memory of 5552	3040	QUOTATION#00343.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:2420

memory/3040-0-0x00007FFDA2A10000-0x00007FFDA2C05000-memory.dmp

Filesize
2.0MB

Download
memory/3040-1-0x00000252F66E0000-0x00000252F6712000-memory.dmp

Filesize
200KB

Download
memory/3040-2-0x00007FFDA2A10000-0x00007FFDA2C05000-memory.dmp

Filesize
2.0MB

Download
memory/3040-3-0x00000252F90F0000-0x00000252F928E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-15-0x00007FFDA2A10000-0x00007FFDA2C05000-memory.dmp

Filesize
2.0MB

Download
memory/5552-4-0x0000000000400000-0x000000000054B000-memory.dmp

Filesize
1.3MB

Download