12050271ba333bbc55aca8540cb433b317c8b043fcc4f49e2013706f03834851

Analysis

max time kernel
149s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 19:00

Target

TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
Size

785KB
MD5

aaa417b91a2c24bdf448d9056b6ba263
SHA1

666a686e5d51b2f11078270d9424da6fa8ce0bb7
SHA256

12050271ba333bbc55aca8540cb433b317c8b043fcc4f49e2013706f03834851
SHA512

cf8046d99b5f846601c752d764411ac708b00e088c99a38925d75468b987dfeabb2acf1fb5c740f35fa79af135bb5293d0f282343b33a0731e4b07649542fa89
SSDEEP

12288:Rpuh7jmbFvZ9XoyMiQ6agDLh/DeQMKL1aahk8rC9qgKqmkyb9kp4VLfEYQI:7bFFMi4ghD/pxjrsqgKqmkyeiLchI

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4176	3560	WerFault.exe	80
2940	3560	WerFault.exe	80

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 4176	3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe	83
PID 3560 wrote to memory of 4176	3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe	83
PID 3560 wrote to memory of 4176	3560	TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe	83

C:\Users\Admin\AppData\Local\Temp\TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe
"C:\Users\Admin\AppData\Local\Temp\TRMSBEN00237 HK acil FİYAT TEKLİFİ PO10939202.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 1320
  2⤵
  - Program crash
  PID:4176
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 1320
  2⤵
  - Program crash
  PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3560 -ip 3560
1⤵
PID:4172

memory/3560-132-0x0000000000D50000-0x0000000000E1A000-memory.dmp

Filesize
808KB

Download
memory/3560-133-0x0000000005940000-0x00000000059D2000-memory.dmp

Filesize
584KB

Download
memory/3560-134-0x00000000060D0000-0x000000000616C000-memory.dmp

Filesize
624KB

Download