eb94b3a9d0c4cd649911af985e6d82a66c36c1436723eccd3dc7b8fc66dfe8bb | Triage

Submit
Reports

Overview

overview

9

Static

static

2022539611...AS.exe

windows7-x64

9

2022539611...AS.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

2022539611 DMO 1.SİPARİŞ OZAKYEL MEDIKAL AS.exe
Size

1007KB
Sample

221011-jeng5sccb7
MD5

ff44f2bc1cdb839d0164f15d4e8b5187
SHA1

b10c2840d81545b0056d4977788ca6c8b6c1d47d
SHA256

eb94b3a9d0c4cd649911af985e6d82a66c36c1436723eccd3dc7b8fc66dfe8bb
SHA512

93749566c5a6030321f0c24fc591fc7b566fe548e87d43667b07117917d827901e881f615f1a26d5ea09891a86e66202d3763e22026a52e80f802be86f07f0af
SSDEEP

12288:tswJ7logcsnGRaQPUKV7xIvVT/uZd6VxCG3LvpgGf4z9nu4Y6G4AQSQy4A:3lrxu7KRuwR9gs4zRdTAtQy4A

Score

9^/10

evasion

Static task

static1

Behavioral task

behavioral1

Sample

2022539611 DMO 1.SİPARİŞ OZAKYEL MEDIKAL AS.exe

Resource

win7-20220812-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2022539611 DMO 1.SİPARİŞ OZAKYEL MEDIKAL AS.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2022539611 DMO 1.SİPARİŞ OZAKYEL MEDIKAL AS.exe
- Size
  
  1007KB
- MD5
  
  ff44f2bc1cdb839d0164f15d4e8b5187
- SHA1
  
  b10c2840d81545b0056d4977788ca6c8b6c1d47d
- SHA256
  
  eb94b3a9d0c4cd649911af985e6d82a66c36c1436723eccd3dc7b8fc66dfe8bb
- SHA512
  
  93749566c5a6030321f0c24fc591fc7b566fe548e87d43667b07117917d827901e881f615f1a26d5ea09891a86e66202d3763e22026a52e80f802be86f07f0af
- SSDEEP
  
  12288:tswJ7logcsnGRaQPUKV7xIvVT/uZd6VxCG3LvpgGf4z9nu4Y6G4AQSQy4A:3lrxu7KRuwR9gs4zRdTAtQy4A
Score

9^/10

evasion
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy