Analysis
max time kernel: 114s
max time network: 120s
platform: windows7_x64
resource: win7
submitted: 31-07-2020 09:55
Static task: static1

Behavioral task: behavioral1
Sample: Akbank Hesap Özetiniz.exe
Resource: win7 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: Akbank Hesap Özetiniz.exe
Resource: win10v200722 (windows10_x64)
0 signatures, 0 seconds
General
Target: Akbank Hesap Özetiniz.exe
Size: 774KB
MD5: 6e5b122d49f7779416f98647230dd407
SHA1: 894a4deadb0adac01a70e2611153a6a2a556118a
SHA256: 866de889c68e9b0147480544b7e312decbe5483c1162fe3d205f85aeeb8e75a4
SHA512: 7f3dca82a9181db925f3985fe7588755113e610253022b1478ec9e037f5745a4fa0d6531e4ae8df3cd5a4e6960c6a0b46653b346e6e08ac47abca50fdf317bb0
Score: 1/10
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: Akbank Hesap Özetiniz.exe

| description | pid | process |
| Token: SeDebugPrivilege | 1156 | Akbank Hesap Özetiniz.exe |

Suspicious behavior: EnumeratesProcesses (9 IoCs)
Processes: Akbank Hesap Özetiniz.exe

| pid | process |
| 1156 | Akbank Hesap Özetiniz.exe |
| 1156 | Akbank Hesap Özetiniz.exe |
| 1156 | Akbank Hesap Özetiniz.exe |
| 1156 | Akbank Hesap Özetiniz.exe |
| 1156 | Akbank Hesap Özetiniz.exe |
| 1156 | Akbank Hesap Özetiniz.exe |
| 1156 | Akbank Hesap Özetiniz.exe |
| 1156 | Akbank Hesap Özetiniz.exe |
| 1156 | Akbank Hesap Özetiniz.exe |

Suspicious use of WriteProcessMemory (20 IoCs)
Processes: Akbank Hesap Özetiniz.exe

| description | pid | process | target process |
| PID 1156 wrote to memory of 1796 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1796 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1796 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1796 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1788 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1788 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1788 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1788 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1884 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1884 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1884 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1884 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1896 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1896 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1896 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1896 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1908 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1908 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1908 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
| PID 1156 wrote to memory of 1908 | 1156 | Akbank Hesap Özetiniz.exe | Akbank Hesap Özetiniz.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe "C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe"
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe "{path}"
    C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe "{path}"
    C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe "{path}"
    C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe "{path}"
    C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe "{path}"
Network
MITRE ATT&CK Matrix
Downloads
memory/1156-1-0x0000000000000000-0x0000000000000000-disk.dmp