a7973a17712bb6def98c296393e3161073714539744d2b0f6e7b115fe8f05128

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 06:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QUOTATION_SEPQTRA071244PDF.scr.exe
Size

361KB
MD5

787ea6002e86cb8b3c7b4a4c0060c500
SHA1

017ac6ff804196bb686fa0c73ca6a4766b6f555b
SHA256

a7973a17712bb6def98c296393e3161073714539744d2b0f6e7b115fe8f05128
SHA512

a095742146b74732ca8e55ae376da3b0bb40ae18f9c19beba73649ae45bbcea5495811f3e34270b68e583921b7ce52355b9370023cdfd3f79d592d503f2bdb9b
SSDEEP

3072:m1Did/y4BPIqk2gh6iP40nP05w+VYuyZ:qid/9V

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2504	QUOTATION_SEPQTRA071244PDF.scr.exe
2504	QUOTATION_SEPQTRA071244PDF.scr.exe
2504	QUOTATION_SEPQTRA071244PDF.scr.exe
2504	QUOTATION_SEPQTRA071244PDF.scr.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2504	QUOTATION_SEPQTRA071244PDF.scr.exe
Token: SeDebugPrivilege	2504	QUOTATION_SEPQTRA071244PDF.scr.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 6128	2504	QUOTATION_SEPQTRA071244PDF.scr.exe	32
PID 2504 wrote to memory of 6128	2504	QUOTATION_SEPQTRA071244PDF.scr.exe	32
PID 2504 wrote to memory of 6128	2504	QUOTATION_SEPQTRA071244PDF.scr.exe	32

C:\Users\Admin\AppData\Local\Temp\QUOTATION_SEPQTRA071244PDF.scr.exe
"C:\Users\Admin\AppData\Local\Temp\QUOTATION_SEPQTRA071244PDF.scr.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2504 -s 1672
  2⤵
  PID:6128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2504-0-0x000007FEF5063000-0x000007FEF5064000-memory.dmp

Filesize
4KB

Download
memory/2504-1-0x00000000008A0000-0x0000000000900000-memory.dmp

Filesize
384KB

Download
memory/2504-2-0x000007FEF5060000-0x000007FEF5A4C000-memory.dmp

Filesize
9.9MB

Download
memory/2504-3-0x000000001C7E0000-0x000000001C8E0000-memory.dmp

Filesize
1024KB

Download
memory/2504-4-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-17-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-5-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-23-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-7-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-51-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-9-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-13-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-15-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-19-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-25-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-29-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-37-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-43-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-47-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-45-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-49-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-67-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-65-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-63-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-61-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-59-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-57-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-55-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-53-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-41-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-39-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-35-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-33-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-31-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-27-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-21-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-11-0x000000001C7E0000-0x000000001C8DB000-memory.dmp

Filesize
1004KB

Download
memory/2504-1078-0x000007FEF5060000-0x000007FEF5A4C000-memory.dmp

Filesize
9.9MB

Download
memory/2504-1079-0x000000001B830000-0x000000001B8AC000-memory.dmp

Filesize
496KB

Download
memory/2504-1080-0x00000000007B0000-0x00000000007FC000-memory.dmp

Filesize
304KB

Download
memory/2504-1081-0x000007FEF5063000-0x000007FEF5064000-memory.dmp

Filesize
4KB

Download
memory/2504-1082-0x000007FEF5060000-0x000007FEF5A4C000-memory.dmp

Filesize
9.9MB

Download
memory/2504-1083-0x0000000000A00000-0x0000000000A54000-memory.dmp

Filesize
336KB

Download