980ff35a7cf5a6557b96df3d9956a133163d91d1691ccf7c1b752bdc0aa4ff2b

General

Target

Halkbank_Ekstre_20211110089273_0838736543566.exe
Size

762KB
MD5

a9ad148eb1e943000ff55d94820da73c
SHA1

4131afbaa43d4c405e5e5c046065d12456cf8d22
SHA256

980ff35a7cf5a6557b96df3d9956a133163d91d1691ccf7c1b752bdc0aa4ff2b
SHA512

5c88f18eee0ec5e04b9f582f327f1fa125657c4ca9c6b1160ca6dcb900662f7e52529475a6867dbfecca04b69d816dd52ba99bb479fd2e6e4f7165f7af460a22

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Halkbank_Ekstre_20211110089273_0838736543566.exe

pid	process
1940	Halkbank_Ekstre_20211110089273_0838736543566.exe
1940	Halkbank_Ekstre_20211110089273_0838736543566.exe
1940	Halkbank_Ekstre_20211110089273_0838736543566.exe
1940	Halkbank_Ekstre_20211110089273_0838736543566.exe
1940	Halkbank_Ekstre_20211110089273_0838736543566.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Halkbank_Ekstre_20211110089273_0838736543566.exe

description pid process

Token: SeDebugPrivilege 1940 Halkbank_Ekstre_20211110089273_0838736543566.exe

description	pid	process
Token: SeDebugPrivilege	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Halkbank_Ekstre_20211110089273_0838736543566.exe

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20211110089273_0838736543566.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20211110089273_0838736543566.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1940

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20211110089273_0838736543566.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20211110089273_0838736543566.exe"
2⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20211110089273_0838736543566.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20211110089273_0838736543566.exe"
2⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20211110089273_0838736543566.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20211110089273_0838736543566.exe"
2⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20211110089273_0838736543566.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20211110089273_0838736543566.exe"
2⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20211110089273_0838736543566.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20211110089273_0838736543566.exe"
2⤵
PID:1312

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1940-59-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1940-61-0x0000000075C31000-0x0000000075C33000-memory.dmp

Filesize
8KB

Download
memory/1940-62-0x0000000004F60000-0x0000000004F61000-memory.dmp

Filesize
4KB

Download
memory/1940-63-0x0000000000340000-0x0000000000351000-memory.dmp

Filesize
68KB

Download
memory/1940-64-0x00000000054A0000-0x000000000551D000-memory.dmp

Filesize
500KB

Download

description	pid	process	target process
PID 1940 wrote to memory of 1452	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1452	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1452	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1452	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 848	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 848	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 848	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 848	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1356	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1356	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1356	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1356	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1352	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1352	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1352	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1352	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1312	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1312	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1312	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe
PID 1940 wrote to memory of 1312	1940	Halkbank_Ekstre_20211110089273_0838736543566.exe	Halkbank_Ekstre_20211110089273_0838736543566.exe

Analysis

Sharing