Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220414-en
submitted: 23-06-2022 14:09

Static task: static1

Behavioral task: behavioral1
Sample: Halkbank_Ekstre_230622_073809_405251.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Halkbank_Ekstre_230622_073809_405251.exe
Resource: win10v2004-20220414-en

General
Target: Halkbank_Ekstre_230622_073809_405251.exe
Size: 846KB
MD5: 67159835537fc063197f0a1a03a69d1e
SHA1: 28544f5e2a9eb0281d1c3de050894a2a56e0c3f1
SHA256: d4cbb8ee95410e64496a03b1a23868cdbe0c87e497671e39a0a23e20bd1f4179
SHA512: 508f093f38d7befce08282c1f243a984b16e5262ac8190cab57a056860305f0a470ec932127a30123ded315a74c044b45b423695dc13e3045f14c05672c378fb

Malware Config
Signatures

Loads dropped DLL 2 IoCs
Processes: Halkbank_Ekstre_230622_073809_405251.exe
pid: 904, process: Halkbank_Ekstre_230622_073809_405251.exe
pid: 904, process: Halkbank_Ekstre_230622_073809_405251.exe

Drops file in Program Files directory 1 IoCs
Processes: Halkbank_Ekstre_230622_073809_405251.exe
description: File opened for modification
ioc: C:\Program Files (x86)\HEPATOPEXIA.Hen
process: Halkbank_Ekstre_230622_073809_405251.exe

Drops file in Windows directory 1 IoCs
Processes: Halkbank_Ekstre_230622_073809_405251.exe
description: File opened for modification
ioc: C:\Windows\resources\0409\STERTORIOUSLY.Bes
process: Halkbank_Ekstre_230622_073809_405251.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads

\Users\Admin\AppData\Local\Temp\nsiE69A.tmp\System.dll
Filesize: 12KB
MD5: cff85c549d536f651d4fb8387f1976f2
SHA1: d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256: 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512: 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

\Users\Admin\AppData\Local\Temp\nsiE69A.tmp\nsDialogs.dll
Filesize: 9KB
MD5: 6c3f8c94d0727894d706940a8a980543
SHA1: 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256: 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512: 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

memory/904-54-0x00000000751C1000-0x00000000751C3000-memory.dmp
Filesize: 8KB

memory/904-57-0x00000000023F0000-0x000000000303A000-memory.dmp
Filesize: 12.3MB

memory/904-58-0x00000000023F0000-0x000000000303A000-memory.dmp
Filesize: 12.3MB