Analysis
Max time kernel: 35s
Max time network: 138s
Platform: windows7_x64
Resource: win7v200722
Submitted: 06-08-2020 13:17
Static task: static1
Behavioral task: behavioral1
  Sample: Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
  Resource: win10
General
Target: Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe (Turkish lure name: "July 2020 Dealer-Staff Bonus Earnings Table.exe")
Size: 1.1MB
MD5: e255489d5f3e363d714ee0cecf55fe34
SHA1: abee71dd7a24cb405390fa25e24297ac6e520809
SHA256: 92bae130f70a00a0207adfa078c44f57a9c6326c8873847f99acc8d3398b5f7a
SHA512: 6cb359bccc3834973481a089cf3e3a30d0948242579351e9e3f1de352215a50602b3624cb54954be538f4b13fcb9bbbb054d4683a5677100429b35aa6f9fb697
Malware Config
Signatures
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Adds Run key to start application (2 TTPs, 1 IoC)
Process: Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
  Set value (str): \REGISTRY\USER\S-1-5-21-2090973689-680783404-4292415065-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Jkml = "C:\\Users\\Admin\\AppData\\Local\\Jkml.url"
Note that the value lands under RunOnce rather than Run: Windows executes it at the next logon of this user and then deletes the value, and the target is an Internet shortcut (.url) dropped in the user's own profile rather than an executable. A hunt that only checks the Run key, or only .exe targets, would miss this entry.
Legitimate hosting services abused for malware hosting/C2 (1 TTP)
Script User-Agent (2 IoCs)
Uses a user-agent string associated with a script host/environment.
  Flow 4: HTTP User-Agent header: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
  Flow 6: HTTP User-Agent header: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
This is the default User-Agent of the WinHTTP COM automation object (WinHttp.WinHttpRequest.5.1), the HTTP client commonly driven from VBScript, JScript and other COM-capable code. It is a useful pivot in proxy logs, but a weak signal on its own, since legitimate scripts and administration tools send it too.
Suspicious use of AdjustPrivilegeToken (23 IoCs)
Process: Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe (PID 1408) enabled the following token privileges:
  SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, and privileges 33, 34 and 35
Enabling every privilege present in the token, SeDebugPrivilege included, rather than the one or two a legitimate installer would need, is the pattern of a generic "enable all privileges" routine. The last three entries are reported by LUID only; on Windows these are SeIncreaseWorkingSetPrivilege (33), SeTimeZonePrivilege (34) and SeCreateSymbolicLinkPrivilege (35).