d3277817e3f5dd9265d3797ceb8db5316f75c7f708f9ba2186d8380c7a6530c1

Analysis

max time kernel
55s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07/03/2023, 12:26

Target

REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe
Size

1.2MB
MD5

000eacef2e4254e30b09a9e4b683d009
SHA1

2150c7fc34a86887f6b5ad520d66e9ab9727df64
SHA256

d3277817e3f5dd9265d3797ceb8db5316f75c7f708f9ba2186d8380c7a6530c1
SHA512

53a86d0e575c95f40942f2c7bdf1477c42cac0375a6fa49c8a513cfdebb1b0f45dfaf83b1e021679b2c79a65ceab83399429caf334e662fd482fd361b62dfefa
SSDEEP

24576:D0YNUK616VPsqYoK3qoUUUhJH0PqkqBp:PNJiSpYoUqoGhJLX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
468	1720	WerFault.exe	26

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1720	REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1720	REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 468	1720	REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe	27
PID 1720 wrote to memory of 468	1720	REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe	27
PID 1720 wrote to memory of 468	1720	REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe	27
PID 1720 wrote to memory of 468	1720	REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe	27

C:\Users\Admin\AppData\Local\Temp\REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe
"C:\Users\Admin\AppData\Local\Temp\REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 708
  2⤵
  - Program crash
  PID:468

memory/1720-54-0x0000000001350000-0x0000000001490000-memory.dmp

Filesize
1.2MB

Download
memory/1720-55-0x00000000012D0000-0x0000000001310000-memory.dmp

Filesize
256KB

Download
memory/1720-56-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1720-57-0x00000000012D0000-0x0000000001310000-memory.dmp

Filesize
256KB

Download
memory/1720-58-0x0000000000440000-0x000000000044C000-memory.dmp

Filesize
48KB

Download
memory/1720-59-0x0000000005240000-0x00000000052E2000-memory.dmp

Filesize
648KB

Download
memory/1720-60-0x0000000000AF0000-0x0000000000B18000-memory.dmp

Filesize
160KB

Download