Overview

overview

10

Static

static

T.HALK BAN...df.exe

windows7_x64

10

T.HALK BAN...df.exe

windows10-2004_x64

4

Analysis

  • max time kernel
    91s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    05-02-2022 13:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    T.HALK BANKASI A.S. 03.12.2020 - 04.06.2020 Hesap Ekstresi.pdf.exe

  • Size

    811KB

  • MD5

    826de0fd25130a7c0a79cb47d1cd10d1

  • SHA1

    1d6cd2a23a0f9d17bf7481bd8380fa500deff528

  • SHA256

    75bdc371b036b0305280360996f8b060f89b1aa6e840f0fd96afd2bfba151104

  • SHA512

    1aff7e3b627b0dc60ae9b917347c06f0d2cf23f5f79a6a816e296ac85d10ed15e47b8ee874d5a0b9a7d3ee9e3b159b5b22c169fae382651fb7a8deacf6605dae

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\T.HALK BANKASI A.S. 03.12.2020 - 04.06.2020 Hesap Ekstresi.pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\T.HALK BANKASI A.S. 03.12.2020 - 04.06.2020 Hesap Ekstresi.pdf.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3380
    • C:\Windows\SysWOW64\fondue.exe
      "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4676
      • C:\Windows\system32\FonDUE.EXE
        "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll
        3⤵
          PID:1284
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      1⤵
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4036

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4036-130-0x000001D5C0330000-0x000001D5C0340000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4036-131-0x000001D5C0390000-0x000001D5C03A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4036-132-0x000001D5C30B0000-0x000001D5C30B4000-memory.dmp

      Filesize

      16KB

      Download