82988b0e4f396aad7ebbd2f4db7f76680115df3464c770b3bb394fb09204782b

General

Target

Halkbank_Ekstre_20201019_080416_900140.pdf.exe
Size

2.0MB
MD5

78232de6e3d5cde5080f46df6216bc3a
SHA1

3c72ec5a1e21349ff72f75189cb781444744132b
SHA256

fdfa7f1312d60c75bcd775c87616b731602bbd1c658bbe63d6069f4243c85553
SHA512

db1f60bd7fdf498ba8a7f1b76e2e7196c8c5745e34e8202aeb92a74f9125e30ad216880993836ec0d42daebcf9dc3beee2a96e80b171b0523d6b15d0b2f97730

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Halkbank_Ekstre_20201019_080416_900140.pdf.exe

pid	process
2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Halkbank_Ekstre_20201019_080416_900140.pdf.exe

description pid process

Token: SeDebugPrivilege 2024 Halkbank_Ekstre_20201019_080416_900140.pdf.exe

description	pid	process
Token: SeDebugPrivilege	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Halkbank_Ekstre_20201019_080416_900140.pdf.exe

C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20201019_080416_900140.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20201019_080416_900140.pdf.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20201019_080416_900140.pdf.exe
  "{path}"
  2⤵
  PID:1668
- C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20201019_080416_900140.pdf.exe
  "{path}"
  2⤵
  PID:1548
- C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20201019_080416_900140.pdf.exe
  "{path}"
  2⤵
  PID:1656
- C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20201019_080416_900140.pdf.exe
  "{path}"
  2⤵
  PID:808
- C:\Users\Admin\AppData\Local\Temp\Halkbank_Ekstre_20201019_080416_900140.pdf.exe
  "{path}"
  2⤵
  PID:1252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-54-0x0000000000380000-0x0000000000580000-memory.dmp

Filesize
2.0MB

Download
memory/2024-55-0x0000000006F60000-0x0000000007034000-memory.dmp

Filesize
848KB

Download
memory/2024-56-0x0000000075381000-0x0000000075383000-memory.dmp

Filesize
8KB

Download
memory/2024-57-0x0000000000770000-0x000000000078E000-memory.dmp

Filesize
120KB

Download
memory/2024-58-0x0000000004BA0000-0x0000000004C54000-memory.dmp

Filesize
720KB

Download

description	pid	process	target process
PID 2024 wrote to memory of 1668	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1668	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1668	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1668	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1548	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1548	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1548	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1548	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1656	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1656	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1656	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1656	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 808	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 808	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 808	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 808	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1252	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1252	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1252	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe
PID 2024 wrote to memory of 1252	2024	Halkbank_Ekstre_20201019_080416_900140.pdf.exe	Halkbank_Ekstre_20201019_080416_900140.pdf.exe

Analysis

Sharing