5f3215ad04a8277ce78a17ea870beb4189e6fee16f36942c25d98ca24e9166e9

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QUOTATIONSEPQTRA071244PDF.scr.exe
Size

368KB
MD5

51f72822ddf3ea7523d116ff4328c22f
SHA1

70e22a50a272f9cecac73153e812fa9d140edd4d
SHA256

5f3215ad04a8277ce78a17ea870beb4189e6fee16f36942c25d98ca24e9166e9
SHA512

9bc35c63f3fbf48d362d7132925d27880333a13e2cdc2b0cbd9f1040475b410701aa1791504f92559622f44d99ab5cd3ece37ec7b8682685fc86e69b0937540b
SSDEEP

384:OJGY/HAGNn06CjFN8P3YsU6fCWYA8S/hs/E2sofOh/Q0RbnqRGt/KzVtBBU:OJVdNdM8sScR9ApqcAg

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2900	QUOTATIONSEPQTRA071244PDF.scr.exe
2900	QUOTATIONSEPQTRA071244PDF.scr.exe
2900	QUOTATIONSEPQTRA071244PDF.scr.exe
2900	QUOTATIONSEPQTRA071244PDF.scr.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2900	QUOTATIONSEPQTRA071244PDF.scr.exe
Token: SeDebugPrivilege	2900	QUOTATIONSEPQTRA071244PDF.scr.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 1868	2900	QUOTATIONSEPQTRA071244PDF.scr.exe	32
PID 2900 wrote to memory of 1868	2900	QUOTATIONSEPQTRA071244PDF.scr.exe	32
PID 2900 wrote to memory of 1868	2900	QUOTATIONSEPQTRA071244PDF.scr.exe	32

C:\Users\Admin\AppData\Local\Temp\QUOTATIONSEPQTRA071244PDF.scr.exe
"C:\Users\Admin\AppData\Local\Temp\QUOTATIONSEPQTRA071244PDF.scr.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2900 -s 1672
  2⤵
  PID:1868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2900-0-0x000007FEF53D3000-0x000007FEF53D4000-memory.dmp

Filesize
4KB

Download
memory/2900-1-0x0000000000880000-0x00000000008E0000-memory.dmp

Filesize
384KB

Download
memory/2900-2-0x000007FEF53D0000-0x000007FEF5DBC000-memory.dmp

Filesize
9.9MB

Download
memory/2900-3-0x0000000002620000-0x0000000002722000-memory.dmp

Filesize
1.0MB

Download
memory/2900-7-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-43-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-65-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-1079-0x0000000000960000-0x00000000009AC000-memory.dmp

Filesize
304KB

Download
memory/2900-1080-0x000007FEF53D0000-0x000007FEF5DBC000-memory.dmp

Filesize
9.9MB

Download
memory/2900-1078-0x00000000008E0000-0x000000000095C000-memory.dmp

Filesize
496KB

Download
memory/2900-63-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-61-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-59-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-57-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-55-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-53-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-51-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-49-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-47-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-45-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-41-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-39-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-37-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-35-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-33-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-31-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-29-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-27-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-25-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-23-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-21-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-19-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-17-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-15-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-13-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-11-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-67-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-9-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-5-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-4-0x0000000002620000-0x000000000271B000-memory.dmp

Filesize
1004KB

Download
memory/2900-1081-0x000007FEF53D3000-0x000007FEF53D4000-memory.dmp

Filesize
4KB

Download
memory/2900-1082-0x000007FEF53D0000-0x000007FEF5DBC000-memory.dmp

Filesize
9.9MB

Download
memory/2900-1083-0x000000001AF60000-0x000000001AFB4000-memory.dmp

Filesize
336KB

Download