Analysis
max time kernel: 120s
max time network: 143s
platform: windows10_x64
resource: win10
submitted: 06-08-2020 13:17

Static task: static1

Behavioral task: behavioral1
Sample: Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Resource: win7v200722

Behavioral task: behavioral2
Sample: Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Resource: win10
General
Target: Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Size: 1.1MB
MD5: e255489d5f3e363d714ee0cecf55fe34
SHA1: abee71dd7a24cb405390fa25e24297ac6e520809
SHA256: 92bae130f70a00a0207adfa078c44f57a9c6326c8873847f99acc8d3398b5f7a
SHA512: 6cb359bccc3834973481a089cf3e3a30d0948242579351e9e3f1de352215a50602b3624cb54954be538f4b13fcb9bbbb054d4683a5677100429b35aa6f9fb697
Malware Config
Signatures
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

Adds Run key to start application (2 TTPs, 1 IoC)
Processes:
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Windows\CurrentVersion\Run\Jkml = "C:\\Users\\Admin\\AppData\\Local\\Jkml.url" | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTP)

Script User-Agent (2 IoCs)
Uses user-agent string associated with script host/environment.
Processes:
description | flow | ioc
HTTP User-Agent header | 9 | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header | 7 | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Suspicious use of AdjustPrivilegeToken (24 IoCs)
Processes:
description | pid | process
Token: SeIncreaseQuotaPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeSecurityPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeTakeOwnershipPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeLoadDriverPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeSystemProfilePrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeSystemtimePrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeProfSingleProcessPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeIncBasePriorityPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeCreatePagefilePrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeBackupPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeRestorePrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeShutdownPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeDebugPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeSystemEnvironmentPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeChangeNotifyPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeRemoteShutdownPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeUndockPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeManageVolumePrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeImpersonatePrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: SeCreateGlobalPrivilege | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: 33 | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: 34 | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: 35 | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe
Token: 36 | 976 | Temmuz 2020 Bayi-Personel Prim Kazanc Tablosu.exe