Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system -
submitted
25-09-2024 05:06
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
QUOTATION_SEPQTRA071244PDF.scr
Resource
win7-20240903-en
3 signatures
300 seconds
Behavioral task
behavioral2
Sample
QUOTATION_SEPQTRA071244PDF.scr
Resource
win10v2004-20240802-en
10 signatures
300 seconds
General
-
Target
QUOTATION_SEPQTRA071244PDF.scr
-
Size
381KB
-
MD5
50a157fb406cdb2a8a9b1f750e47f345
-
SHA1
09303a9c0b3840babb4f08eff7a40344a44cd2b2
-
SHA256
e21eca753aa35b2bab191554576380a74523ab7879ec016a46312b587e35643d
-
SHA512
f4e2b8cf9af513c7003616f6dbec1152dbd27fd3d8c9bc8cf366c2e9435061c47ddf18f88ef9c005de22c7e996fc677d307b2b542d105eab3ebd3bcdfeab48e8
-
SSDEEP
1536:Z/JmXdUuKuFaMEEoGsNpdPTsJ3KzQ7qPpqOLy0uyL+fJ:Z/kmupFFvQNpdPS3XYuys
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
QUOTATION_SEPQTRA071244PDF.scr

| pid | Process |
| --- | --- |
| 2824 | QUOTATION_SEPQTRA071244PDF.scr |
| 2824 | QUOTATION_SEPQTRA071244PDF.scr |
| 2824 | QUOTATION_SEPQTRA071244PDF.scr |
| 2824 | QUOTATION_SEPQTRA071244PDF.scr |

Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
QUOTATION_SEPQTRA071244PDF.scr

| description | pid | Process |
| --- | --- | --- |
| Token: SeDebugPrivilege | 2824 | QUOTATION_SEPQTRA071244PDF.scr |
| Token: SeDebugPrivilege | 2824 | QUOTATION_SEPQTRA071244PDF.scr |

Suspicious use of WriteProcessMemory 3 IoCs
Processes:
QUOTATION_SEPQTRA071244PDF.scr

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2824 wrote to memory of 5112 | 2824 | QUOTATION_SEPQTRA071244PDF.scr | 32 |
| PID 2824 wrote to memory of 5112 | 2824 | QUOTATION_SEPQTRA071244PDF.scr | 32 |
| PID 2824 wrote to memory of 5112 | 2824 | QUOTATION_SEPQTRA071244PDF.scr | 32 |

Processes
-
C:\Users\Admin\AppData\Local\Temp\QUOTATION_SEPQTRA071244PDF.scr (level 1, PID: 2824)
Command line: "C:\Users\Admin\AppData\Local\Temp\QUOTATION_SEPQTRA071244PDF.scr" /S
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory

C:\Windows\system32\WerFault.exe (level 2, PID: 5112)
Command line: C:\Windows\system32\WerFault.exe -u -p 2824 -s 1584
-