866de889c68e9b0147480544b7e312decbe5483c1162fe3d205f85aeeb8e75a4

General

Target

Akbank Hesap Özetiniz.exe
Size

774KB
MD5

6e5b122d49f7779416f98647230dd407
SHA1

894a4deadb0adac01a70e2611153a6a2a556118a
SHA256

866de889c68e9b0147480544b7e312decbe5483c1162fe3d205f85aeeb8e75a4
SHA512

7f3dca82a9181db925f3985fe7588755113e610253022b1478ec9e037f5745a4fa0d6531e4ae8df3cd5a4e6960c6a0b46653b346e6e08ac47abca50fdf317bb0

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Akbank Hesap Özetiniz.exe

description pid process

Token: SeDebugPrivilege 1156 Akbank Hesap Özetiniz.exe

description	pid	process
Token: SeDebugPrivilege	1156	Akbank Hesap Özetiniz.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

Akbank Hesap Özetiniz.exe

pid	process
1156	Akbank Hesap Özetiniz.exe
1156	Akbank Hesap Özetiniz.exe
1156	Akbank Hesap Özetiniz.exe
1156	Akbank Hesap Özetiniz.exe
1156	Akbank Hesap Özetiniz.exe
1156	Akbank Hesap Özetiniz.exe
1156	Akbank Hesap Özetiniz.exe
1156	Akbank Hesap Özetiniz.exe
1156	Akbank Hesap Özetiniz.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Akbank Hesap Özetiniz.exe

description	pid	process	target process
PID 1156 wrote to memory of 1796	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1796	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1796	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1796	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1788	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1788	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1788	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1788	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1884	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1884	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1884	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1884	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1896	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1896	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1896	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1896	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1908	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1908	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1908	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe
PID 1156 wrote to memory of 1908	1156	Akbank Hesap Özetiniz.exe	Akbank Hesap Özetiniz.exe

C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe
"C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1156

C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe
"{path}"
2⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe
"{path}"
2⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe
"{path}"
2⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe
"{path}"
2⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Akbank Hesap Özetiniz.exe
"{path}"
2⤵
PID:1908

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads