b466ce0f2a8a448825ab70818a4442ffab05d8f1f29282c24757f360a7de99c0

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20-06-2024 01:49

Target

Quotation for Stainless steel.exe
Size

703KB
MD5

81ee41d34911b369e2bea099a3eab641
SHA1

2b07f17a2db091c42185942dfabb3e17e5749879
SHA256

42f3e537e4c19d1c9b0f2cb2cedf4e2700bffeefff48db124aa01ee380c18601
SHA512

899ca1c9cc6590756ff62d37bc1e73aee87b2728af03e14f1fb439b88500f9745c449f3e102f316398e6543600eb37b36172d8b2920ecd655b13513173004666
SSDEEP

12288:3Nv5c6l3Muk04ZZA3W2NFXYzGUv0QcFOMNj6dBukLlxj7DTEAmDnkR:JOn04wm2nYzj0BFOMNj2bFTn

Score

1^/10

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2860	Quotation for Stainless steel.exe
2860	Quotation for Stainless steel.exe
2860	Quotation for Stainless steel.exe
2860	Quotation for Stainless steel.exe
2860	Quotation for Stainless steel.exe
2860	Quotation for Stainless steel.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2860	Quotation for Stainless steel.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2932	2860	Quotation for Stainless steel.exe	28
PID 2860 wrote to memory of 2932	2860	Quotation for Stainless steel.exe	28
PID 2860 wrote to memory of 2932	2860	Quotation for Stainless steel.exe	28
PID 2860 wrote to memory of 2932	2860	Quotation for Stainless steel.exe	28
PID 2860 wrote to memory of 2612	2860	Quotation for Stainless steel.exe	29
PID 2860 wrote to memory of 2612	2860	Quotation for Stainless steel.exe	29
PID 2860 wrote to memory of 2612	2860	Quotation for Stainless steel.exe	29
PID 2860 wrote to memory of 2612	2860	Quotation for Stainless steel.exe	29
PID 2860 wrote to memory of 2948	2860	Quotation for Stainless steel.exe	30
PID 2860 wrote to memory of 2948	2860	Quotation for Stainless steel.exe	30
PID 2860 wrote to memory of 2948	2860	Quotation for Stainless steel.exe	30
PID 2860 wrote to memory of 2948	2860	Quotation for Stainless steel.exe	30
PID 2860 wrote to memory of 2516	2860	Quotation for Stainless steel.exe	31
PID 2860 wrote to memory of 2516	2860	Quotation for Stainless steel.exe	31
PID 2860 wrote to memory of 2516	2860	Quotation for Stainless steel.exe	31
PID 2860 wrote to memory of 2516	2860	Quotation for Stainless steel.exe	31
PID 2860 wrote to memory of 2056	2860	Quotation for Stainless steel.exe	32
PID 2860 wrote to memory of 2056	2860	Quotation for Stainless steel.exe	32
PID 2860 wrote to memory of 2056	2860	Quotation for Stainless steel.exe	32
PID 2860 wrote to memory of 2056	2860	Quotation for Stainless steel.exe	32

C:\Users\Admin\AppData\Local\Temp\Quotation for Stainless steel.exe
"C:\Users\Admin\AppData\Local\Temp\Quotation for Stainless steel.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Users\Admin\AppData\Local\Temp\Quotation for Stainless steel.exe
  "C:\Users\Admin\AppData\Local\Temp\Quotation for Stainless steel.exe"
  2⤵
  PID:2932
- C:\Users\Admin\AppData\Local\Temp\Quotation for Stainless steel.exe
  "C:\Users\Admin\AppData\Local\Temp\Quotation for Stainless steel.exe"
  2⤵
  PID:2612
- C:\Users\Admin\AppData\Local\Temp\Quotation for Stainless steel.exe
  "C:\Users\Admin\AppData\Local\Temp\Quotation for Stainless steel.exe"
  2⤵
  PID:2948
- C:\Users\Admin\AppData\Local\Temp\Quotation for Stainless steel.exe
  "C:\Users\Admin\AppData\Local\Temp\Quotation for Stainless steel.exe"
  2⤵
  PID:2516
- C:\Users\Admin\AppData\Local\Temp\Quotation for Stainless steel.exe
  "C:\Users\Admin\AppData\Local\Temp\Quotation for Stainless steel.exe"
  2⤵
  PID:2056

memory/2860-0-0x00000000742CE000-0x00000000742CF000-memory.dmp

Filesize
4KB

Download
memory/2860-1-0x00000000003E0000-0x0000000000492000-memory.dmp

Filesize
712KB

Download
memory/2860-2-0x00000000742C0000-0x00000000749AE000-memory.dmp

Filesize
6.9MB

Download
memory/2860-3-0x0000000000210000-0x0000000000222000-memory.dmp

Filesize
72KB

Download
memory/2860-4-0x00000000004A0000-0x00000000004A8000-memory.dmp

Filesize
32KB

Download
memory/2860-5-0x0000000000620000-0x000000000062C000-memory.dmp

Filesize
48KB

Download
memory/2860-6-0x00000000048E0000-0x0000000004962000-memory.dmp

Filesize
520KB

Download
memory/2860-7-0x00000000742C0000-0x00000000749AE000-memory.dmp

Filesize
6.9MB

Download