857f9ec55794e1c43321c0054bb3a6cee591fb04a07a62fbdfce2cc20e508a7a

General

Target

Halkbank_Ekstre_20210112_162325_384771.exe
Size

1.3MB
MD5

112bc18db2a6c3c49ddcac7678abfad7
SHA1

5338fba62d03bf2c6979c3def6f622b60377533d
SHA256

857f9ec55794e1c43321c0054bb3a6cee591fb04a07a62fbdfce2cc20e508a7a
SHA512

578ae6a7ef9aaae4c7f2174c7a9288b800a80340182a032ac1f9e71d983509c1af2cac2b835b9eb58335f8a83ec6319d8f0efc94741676f453e5039d6e47a674

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Halkbank_Ekstre_20210112_162325_384771.exe

pid	process
1748	Halkbank_Ekstre_20210112_162325_384771.exe
1748	Halkbank_Ekstre_20210112_162325_384771.exe
1748	Halkbank_Ekstre_20210112_162325_384771.exe
1748	Halkbank_Ekstre_20210112_162325_384771.exe
1748	Halkbank_Ekstre_20210112_162325_384771.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Halkbank_Ekstre_20210112_162325_384771.exe

description pid process

Token: SeDebugPrivilege 1748 Halkbank_Ekstre_20210112_162325_384771.exe

description	pid	process
Token: SeDebugPrivilege	1748	Halkbank_Ekstre_20210112_162325_384771.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Halkbank_Ekstre_20210112_162325_384771.exe

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20210112_162325_384771.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20210112_162325_384771.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1748

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20210112_162325_384771.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20210112_162325_384771.exe"
2⤵
PID:652

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20210112_162325_384771.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20210112_162325_384771.exe"
2⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20210112_162325_384771.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20210112_162325_384771.exe"
2⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20210112_162325_384771.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20210112_162325_384771.exe"
2⤵
PID:1132

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20210112_162325_384771.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20210112_162325_384771.exe"
2⤵
PID:1348

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-2-0x00000000740C0000-0x00000000747AE000-memory.dmp

Filesize
6.9MB

Download
memory/1748-3-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/1748-5-0x00000000002C0000-0x00000000002D2000-memory.dmp

Filesize
72KB

Download
memory/1748-6-0x0000000005890000-0x0000000005967000-memory.dmp

Filesize
860KB

Download

description	pid	process	target process
PID 1748 wrote to memory of 652	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 652	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 652	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 652	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 268	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 268	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 268	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 268	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 752	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 752	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 752	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 752	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 1132	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 1132	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 1132	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 1132	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 1348	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 1348	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 1348	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe
PID 1748 wrote to memory of 1348	1748	Halkbank_Ekstre_20210112_162325_384771.exe	Halkbank_Ekstre_20210112_162325_384771.exe

Analysis

Sharing