Overview

overview

10

Static

static

Hesap hare...iz.exe

windows7_x64

10

Hesap hare...iz.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    129s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 14:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hesap hareketleriniz.exe

  • Size

    1.2MB

  • MD5

    a11cb2b444cb1a165e23fc97fe1304cb

  • SHA1

    65dbfdd4da931bd749f99b5a3c766baa61012e6c

  • SHA256

    0329eea7ab274894de8d7f91105cdea35e86e45e73c9c4411c5fae7cd564832c

  • SHA512

    3f217cac3d11bf3c4ef5e5df824ee0fe25b7f20b549e16c046211cc16914c51480397b1923db65cbe03beeec2e56c55a57602dc1fb05f79bbb021a0107621bd1

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hesap hareketleriniz.exe
    "C:\Users\Admin\AppData\Local\Temp\Hesap hareketleriniz.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3180
    • C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\system32\notepad.exe"
      2⤵
      • Drops startup file
      PID:4920
    • C:\Users\Admin\AppData\Local\Temp\Hesap hareketleriniz.exe
      "C:\Users\Admin\AppData\Local\Temp\Hesap hareketleriniz.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2232
      • C:\Windows\SysWOW64\cmd.exe
        "cmd" /c start /b powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\Hesap hareketleriniz.exe' & exit
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4556
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell Start-Sleep -Seconds 2; Remove-Item -path 'C:\Users\Admin\AppData\Local\Temp\Hesap hareketleriniz.exe'
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2232-138-0x0000000005710000-0x00000000057A2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2232-133-0x0000000000BF0000-0x0000000000CB4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/2232-134-0x0000000000BF0000-0x0000000000CB4000-memory.dmp

    Filesize

    784KB

    Download

  • memory/2232-135-0x0000000004CA0000-0x0000000005244000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2232-136-0x0000000005250000-0x00000000052EC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2232-137-0x0000000005370000-0x00000000053D6000-memory.dmp

    Filesize

    408KB

    Download

  • memory/3180-130-0x0000000000400000-0x0000000000545000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4460-141-0x0000000004980000-0x00000000049B6000-memory.dmp

    Filesize

    216KB

    Download

  • memory/4460-142-0x0000000005100000-0x0000000005728000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/4460-143-0x0000000005070000-0x0000000005092000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4460-144-0x00000000059A0000-0x0000000005A06000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4460-145-0x0000000005B50000-0x0000000005B6E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4460-146-0x0000000007570000-0x0000000007BEA000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4460-147-0x0000000006410000-0x000000000642A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4460-148-0x0000000007190000-0x0000000007226000-memory.dmp

    Filesize

    600KB

    Download

  • memory/4460-149-0x0000000006500000-0x0000000006522000-memory.dmp

    Filesize

    136KB

    Download