Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-10-2022 11:37

General

  • Target

    Halkbank,doc.exe

  • Size

    104KB

  • MD5

    eca5a273c2fd8d32e35a4af273064d5c

  • SHA1

    4dac9c2e6069f1007fab5f25e1f69be3310f6152

  • SHA256

    e8ec1e6c646cf6e7b9e8889ac902ec1facecc6d45236ceb0a3b0975d8aa13bfa

  • SHA512

    0e1c7c4587ebe29b5107e95f14d1ba8d1e784763012b7497552cfbfe6e269988f246a42ffabced99d7c5dde7e4a103691d6a6d62493c5d8bfbe037a881fa9182

  • SSDEEP

    1536:R1otmQi3h2Ovt0Yo++vw/18AyMMK4MIyp:R2twxOYo+mwNJb4MIyp

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Halkbank,doc.exe
    "C:\Users\Admin\AppData\Local\Temp\Halkbank,doc.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:1116

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1116-54-0x0000000000D10000-0x0000000000D30000-memory.dmp

    Filesize

    128KB

  • memory/1116-55-0x0000000074D61000-0x0000000074D63000-memory.dmp

    Filesize

    8KB