259768c3fda8c71024d9e77d8ebf98ac72b5dfd672cf1d93161c724ea256e83a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QUOTATION_NOVQTRA071244úPDF.scr
Size

1.2MB
MD5

9cb11cf0e358d8b07765cb9b3830ec84
SHA1

934d2ff4aae74a15c211bfbec2d912a0b6da130a
SHA256

259768c3fda8c71024d9e77d8ebf98ac72b5dfd672cf1d93161c724ea256e83a
SHA512

ff53714e9dc388b0f75c0d10a6038bdd7ff7577c2564976d8b2a421f8d18ecbf87814457ee4d3f8e88921af80327380b0524d1285d78346ff38f98c32acb412e
SSDEEP

24576:7zfPC682UBvyVFA3rx+ppyDW8XxgGzfi6F3DY:HbQtxQaxfi6F3E

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3052	QUOTATION_NOVQTRA071244úPDF.scr
3052	QUOTATION_NOVQTRA071244úPDF.scr
3052	QUOTATION_NOVQTRA071244úPDF.scr
3052	QUOTATION_NOVQTRA071244úPDF.scr

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3052	QUOTATION_NOVQTRA071244úPDF.scr
Token: SeDebugPrivilege	3052	QUOTATION_NOVQTRA071244úPDF.scr

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2924	3052	QUOTATION_NOVQTRA071244úPDF.scr	32
PID 3052 wrote to memory of 2924	3052	QUOTATION_NOVQTRA071244úPDF.scr	32
PID 3052 wrote to memory of 2924	3052	QUOTATION_NOVQTRA071244úPDF.scr	32

C:\Users\Admin\AppData\Local\Temp\QUOTATION_NOVQTRA071244úPDF.scr
"C:\Users\Admin\AppData\Local\Temp\QUOTATION_NOVQTRA071244úPDF.scr" /S
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3052 -s 1036
  2⤵
  PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3052-0-0x000007FEF5EA3000-0x000007FEF5EA4000-memory.dmp

Filesize
4KB

Download
memory/3052-1-0x0000000001240000-0x0000000001376000-memory.dmp

Filesize
1.2MB

Download
memory/3052-2-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download
memory/3052-3-0x000000001BD90000-0x000000001BE7E000-memory.dmp

Filesize
952KB

Download
memory/3052-4-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-15-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-27-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-35-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-49-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-43-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-33-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-31-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-29-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-25-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-23-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-21-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-19-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-17-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-13-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-11-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-9-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-7-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-5-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-67-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-65-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-63-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-61-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-59-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-57-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-55-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-53-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-51-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-47-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-45-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-41-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-39-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-37-0x000000001BD90000-0x000000001BE78000-memory.dmp

Filesize
928KB

Download
memory/3052-1078-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download
memory/3052-1079-0x0000000000F30000-0x0000000000F90000-memory.dmp

Filesize
384KB

Download
memory/3052-1080-0x0000000000BD0000-0x0000000000C1C000-memory.dmp

Filesize
304KB

Download
memory/3052-1081-0x000007FEF5EA3000-0x000007FEF5EA4000-memory.dmp

Filesize
4KB

Download
memory/3052-1082-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download
memory/3052-1083-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download
memory/3052-1084-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download
memory/3052-1085-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download
memory/3052-1086-0x0000000002780000-0x00000000027D4000-memory.dmp

Filesize
336KB

Download
memory/3052-1087-0x000007FEF5EA0000-0x000007FEF688C000-memory.dmp

Filesize
9.9MB

Download