d34d2bcd9b3777c6b55817e53c8e3b52d7f478c46694850f5dea5acf52544700

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-08-2022 05:41

Target

hesaphareketi-01.pdf.exe
Size

33KB
MD5

d071661f5d97f4cad9f3ad6f89deb22a
SHA1

4c84469d79f987d8cb33ab21ea2e4d850840dd66
SHA256

d34d2bcd9b3777c6b55817e53c8e3b52d7f478c46694850f5dea5acf52544700
SHA512

c457319d2804ddd9f50658a9d23fd7531ca3e195c996ea71cf34cb61d69e244b215960eddb42f8cf93824fdfb42244fd9274572a8240de46eb01f2c945296681
SSDEEP

768:kldUwq5k2wlTMHcNS7dQ+pEDwGguTLqTDO5XNVZZb9WG:klGZ8NIQ+pENguTLqvO5Xn9WG

Score

9^/10

discovery

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1940	hesaphareketi-01.pdf.exe

C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\hesaphareketi-01.pdf.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1940

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1940-54-0x00000000011D0000-0x00000000011DE000-memory.dmp

Filesize
56KB

Download
memory/1940-55-0x00000000759E1000-0x00000000759E3000-memory.dmp

Filesize
8KB

Download