Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-11-2024 10:38

General

  • Target

    RFQ_TFS-1508-AL NASR ENGINEERING.exe

  • Size

    1.4MB

  • MD5

    d49ddb40b2037ac73988f82b820f4cd1

  • SHA1

    a3b36cc36bdcf59c03794b3366a454ee0cb888d3

  • SHA256

    24050e65286707adf974167b31a7443dbc40fe475d1cf2515fe1b318dfc0d4d7

  • SHA512

    96deb0ffe41998f2866a71d9304877c1c20bd86b5cc5b48cb44398a516fb989473bbbf7084df2fe7f933d2ce594992966085df31276b324acc0f2c4950dc11a6

  • SSDEEP

    12288:H3XhFxpSPO4ZhtlsiVWKDXbn849nKxqt7Q2:HhFxcmEhtfXxdV

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ_TFS-1508-AL NASR ENGINEERING.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ_TFS-1508-AL NASR ENGINEERING.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:2864

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2864-0-0x000007FEF5A53000-0x000007FEF5A54000-memory.dmp

    Filesize

    4KB

  • memory/2864-1-0x0000000000040000-0x000000000005E000-memory.dmp

    Filesize

    120KB

  • memory/2864-2-0x0000000000300000-0x0000000000370000-memory.dmp

    Filesize

    448KB

  • memory/2864-3-0x000007FEF5A50000-0x000007FEF643C000-memory.dmp

    Filesize

    9.9MB