b287de3756df371e1046322a567e8d8394a85915a80838c1832388a88c9dd9cd

Analysis

max time kernel
60s
max time network
49s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
10-08-2022 07:48

Target

hesaphareketi-01.exe
Size

837KB
MD5

ac4698531e36e36d068bbaa08e278dee
SHA1

7e09c7d495898bd992a1f7b0f516213df7775bd1
SHA256

b287de3756df371e1046322a567e8d8394a85915a80838c1832388a88c9dd9cd
SHA512

32804f2299a6a1bec3bb56846100a8619272c23409dd8fcd410f55b8395fb775e7da17ab9f04adf3f5065c8fef680013d6977832cc7e077b158b31c27a016f44

Score

1^/10

Suspicious behavior: EnumeratesProcesses 9 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1972	hesaphareketi-01.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1284	1972	hesaphareketi-01.exe	27
PID 1972 wrote to memory of 1284	1972	hesaphareketi-01.exe	27
PID 1972 wrote to memory of 1284	1972	hesaphareketi-01.exe	27
PID 1972 wrote to memory of 1284	1972	hesaphareketi-01.exe	27
PID 1972 wrote to memory of 1528	1972	hesaphareketi-01.exe	28
PID 1972 wrote to memory of 1528	1972	hesaphareketi-01.exe	28
PID 1972 wrote to memory of 1528	1972	hesaphareketi-01.exe	28
PID 1972 wrote to memory of 1528	1972	hesaphareketi-01.exe	28
PID 1972 wrote to memory of 624	1972	hesaphareketi-01.exe	29
PID 1972 wrote to memory of 624	1972	hesaphareketi-01.exe	29
PID 1972 wrote to memory of 624	1972	hesaphareketi-01.exe	29
PID 1972 wrote to memory of 624	1972	hesaphareketi-01.exe	29
PID 1972 wrote to memory of 1456	1972	hesaphareketi-01.exe	30
PID 1972 wrote to memory of 1456	1972	hesaphareketi-01.exe	30
PID 1972 wrote to memory of 1456	1972	hesaphareketi-01.exe	30
PID 1972 wrote to memory of 1456	1972	hesaphareketi-01.exe	30
PID 1972 wrote to memory of 1720	1972	hesaphareketi-01.exe	31
PID 1972 wrote to memory of 1720	1972	hesaphareketi-01.exe	31
PID 1972 wrote to memory of 1720	1972	hesaphareketi-01.exe	31
PID 1972 wrote to memory of 1720	1972	hesaphareketi-01.exe	31

C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.exe
"C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.exe
  "C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.exe"
  2⤵
  PID:1284
- C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.exe
  "C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.exe"
  2⤵
  PID:1528
- C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.exe
  "C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.exe"
  2⤵
  PID:624
- C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.exe
  "C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.exe"
  2⤵
  PID:1456
- C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.exe
  "C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.exe"
  2⤵
  PID:1720

memory/1972-54-0x00000000002B0000-0x0000000000388000-memory.dmp

Filesize
864KB

Download
memory/1972-55-0x0000000075371000-0x0000000075373000-memory.dmp

Filesize
8KB

Download
memory/1972-56-0x00000000004F0000-0x0000000000514000-memory.dmp

Filesize
144KB

Download
memory/1972-57-0x0000000000670000-0x000000000067C000-memory.dmp

Filesize
48KB

Download
memory/1972-58-0x0000000004E70000-0x0000000004EE0000-memory.dmp

Filesize
448KB

Download
memory/1972-59-0x0000000002250000-0x0000000002282000-memory.dmp

Filesize
200KB

Download