167142b256a43661a934dac8d2e84d1167e66022acb9e374e4542adbaceff753

Analysis

max time kernel
58s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ZiraatBankasi-SwiftMesaji20221121.exe
Size

1003KB
MD5

394f30cac9eef76036a281aba4a390ac
SHA1

9c764db3dccde0a69d915cdb1e1d8041c2353f8e
SHA256

167142b256a43661a934dac8d2e84d1167e66022acb9e374e4542adbaceff753
SHA512

ff2ed218d39a2d78e805c2d26729da29c37cc2d61c7ab64ac982a0097dad4e1c690465c348702555143120aaa1b0986f61252b811d1d9712bd41d24fa59c916b
SSDEEP

24576:td3yd+KevnuWLrR7wOwZQroOpUTLHh5er4+L74mBfNUstzo:td3W0pwBaoOpuHhI

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

ZiraatBankasi-SwiftMesaji20221121.exe

pid	process
1960	ZiraatBankasi-SwiftMesaji20221121.exe
1960	ZiraatBankasi-SwiftMesaji20221121.exe
1960	ZiraatBankasi-SwiftMesaji20221121.exe
1960	ZiraatBankasi-SwiftMesaji20221121.exe
1960	ZiraatBankasi-SwiftMesaji20221121.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ZiraatBankasi-SwiftMesaji20221121.exe

description pid process

Token: SeDebugPrivilege 1960 ZiraatBankasi-SwiftMesaji20221121.exe

description	pid	process
Token: SeDebugPrivilege	1960	ZiraatBankasi-SwiftMesaji20221121.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

ZiraatBankasi-SwiftMesaji20221121.exe

C:\Users\Admin\AppData\Local\Temp\ZiraatBankasi-SwiftMesaji20221121.exe
"C:\Users\Admin\AppData\Local\Temp\ZiraatBankasi-SwiftMesaji20221121.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1960

C:\Users\Admin\AppData\Local\Temp\ZiraatBankasi-SwiftMesaji20221121.exe
"C:\Users\Admin\AppData\Local\Temp\ZiraatBankasi-SwiftMesaji20221121.exe"
2⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\ZiraatBankasi-SwiftMesaji20221121.exe
"C:\Users\Admin\AppData\Local\Temp\ZiraatBankasi-SwiftMesaji20221121.exe"
2⤵
PID:608

C:\Users\Admin\AppData\Local\Temp\ZiraatBankasi-SwiftMesaji20221121.exe
"C:\Users\Admin\AppData\Local\Temp\ZiraatBankasi-SwiftMesaji20221121.exe"
2⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\ZiraatBankasi-SwiftMesaji20221121.exe
"C:\Users\Admin\AppData\Local\Temp\ZiraatBankasi-SwiftMesaji20221121.exe"
2⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\ZiraatBankasi-SwiftMesaji20221121.exe
"C:\Users\Admin\AppData\Local\Temp\ZiraatBankasi-SwiftMesaji20221121.exe"
2⤵
PID:1344

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1960-54-0x0000000000300000-0x0000000000402000-memory.dmp

Filesize
1.0MB

Download
memory/1960-55-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download
memory/1960-56-0x0000000000460000-0x0000000000478000-memory.dmp

Filesize
96KB

Download
memory/1960-57-0x0000000000580000-0x000000000058C000-memory.dmp

Filesize
48KB

Download
memory/1960-58-0x0000000005F90000-0x0000000006042000-memory.dmp

Filesize
712KB

Download
memory/1960-59-0x0000000007FA0000-0x0000000008018000-memory.dmp

Filesize
480KB

Download

description	pid	process	target process
PID 1960 wrote to memory of 1728	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1728	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1728	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1728	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 608	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 608	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 608	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 608	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1220	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1220	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1220	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1220	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1224	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1224	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1224	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1224	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1344	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1344	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1344	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe
PID 1960 wrote to memory of 1344	1960	ZiraatBankasi-SwiftMesaji20221121.exe	ZiraatBankasi-SwiftMesaji20221121.exe