Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system -
submitted
30/08/2024, 13:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
QUOTATIONAUGQTRA071244PDF.scr.exe
Resource
win7-20240705-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
QUOTATIONAUGQTRA071244PDF.scr.exe
Resource
win10v2004-20240802-en
11 signatures
150 seconds
General
-
Target
QUOTATIONAUGQTRA071244PDF.scr.exe
-
Size
372KB
-
MD5
6badc2be7c289a2e7d0b017e3355b119
-
SHA1
a89325b9422957a9a9e539a9caad520ce4b1fc7d
-
SHA256
44cd4f6ebd5c40c71b72c4c9ae46838d778637eb70db082592bb7ccbeca4f47f
-
SHA512
8449f332c331da6aea103d97ed67a9c5b84ffaeaad1a104298fce39ec74bef89830e19945ddac8a7c421cd82de1651ba8594d752ceb389c9251c622a5f9217fe
-
SSDEEP
768:pYbN2A1nG9nyAWkaHRQTwdYF4H4447iiL1a:E2A1n4yAWNHRUmYF4H444la
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process
2992 QUOTATIONAUGQTRA071244PDF.scr.exe
2992 QUOTATIONAUGQTRA071244PDF.scr.exe
2992 QUOTATIONAUGQTRA071244PDF.scr.exe
2992 QUOTATIONAUGQTRA071244PDF.scr.exe
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process
Token: SeDebugPrivilege 2992 QUOTATIONAUGQTRA071244PDF.scr.exe
Token: SeDebugPrivilege 2992 QUOTATIONAUGQTRA071244PDF.scr.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 2992 wrote to memory of 4964 2992 QUOTATIONAUGQTRA071244PDF.scr.exe 32
PID 2992 wrote to memory of 4964 2992 QUOTATIONAUGQTRA071244PDF.scr.exe 32
PID 2992 wrote to memory of 4964 2992 QUOTATIONAUGQTRA071244PDF.scr.exe 32
Processes
-
C:\Users\Admin\AppData\Local\Temp\QUOTATIONAUGQTRA071244PDF.scr.exe
"C:\Users\Admin\AppData\Local\Temp\QUOTATIONAUGQTRA071244PDF.scr.exe"
(process tree level 1)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2992 -
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2992 -s 872
(process tree level 2)
PID:4964
-