Analysis

  • max time kernel
    128s
  • max time network
    68s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    30-06-2020 17:39

General

  • Target

    Halkbank_Ekstre_20200630_080918_33024.exe

  • Size

    1.4MB

  • MD5

    11e9c56a731fbc422bf3cf39b31c107f

  • SHA1

    96dfe8d71945e32732895f5f43146225844e23de

  • SHA256

    97430106f3fbf62f0c11f473012392d5b9eaeade9a0f2c6c7ea21e8d6d69f02c

  • SHA512

    eb360b954c38cfbf4ba51fce9979fab1ef737a65709fa07ad20413a9b8b92b060bbf931a006a3030e027f0a2e67437ac14479042203c6efdb50fb12723dce984

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20200630_080918_33024.exe
    "C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20200630_080918_33024.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    PID:3216
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 932
      2⤵
      • Program crash
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious behavior: EnumeratesProcesses
      PID:1532

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1532-0-0x00000000043B0000-0x00000000043B1000-memory.dmp
    Filesize

    4KB

  • memory/1532-1-0x00000000048F0000-0x00000000048F1000-memory.dmp
    Filesize

    4KB