Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    12-11-2024 01:49

General

  • Target

    RFQ.exe

  • Size

    2.1MB

  • MD5

    388cda6f9ff919c387e097bd12538c7c

  • SHA1

    1ab6a7ede3eeb8c4a99f0176e42fb5f6950842bf

  • SHA256

    0183ba97dbe99cfbc5aa2966de3239d27bb7d14cab59bc2fb9d268645b475fbc

  • SHA512

    77bc4335af3c69fae5762569b0207a038d2abedb907706214fb2210d1dd00db09055c240873a8c638a5f1b7eee74517af2e7f56677de940d43a53da5b88299ac

  • SSDEEP

    12288:pFv5TD20phWGTZoH6NE+B1rFVoiYYQdjgLytJRA0VlxTQ6u:7h2ibTKQPvQdjgKVl1Q6u

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RFQ.exe
    "C:\Users\Admin\AppData\Local\Temp\RFQ.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1892-0-0x000007FEF5DC3000-0x000007FEF5DC4000-memory.dmp

    Filesize

    4KB

  • memory/1892-1-0x0000000000390000-0x0000000000398000-memory.dmp

    Filesize

    32KB

  • memory/1892-2-0x00000000002E0000-0x0000000000376000-memory.dmp

    Filesize

    600KB

  • memory/1892-3-0x000007FEF5DC0000-0x000007FEF67AC000-memory.dmp

    Filesize

    9.9MB