df365b7013189762793dea193eb030ae8f7aed6ca14b5552ffd63a43508cbc6e

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12/04/2023, 12:53

Target

Yeni siparis listesi12042023.exe
Size

226KB
MD5

ecb9dc6ebe7fc72219f57876c166f4f1
SHA1

ffcd4db15cc11f2d49eed7d4c0252a7f8c41dc53
SHA256

df365b7013189762793dea193eb030ae8f7aed6ca14b5552ffd63a43508cbc6e
SHA512

5008f49fe2e8544091f853661bf23d3ed61a10d2a84de3270f1ca32e9da2fbd5d25f2d77ce3f5141614e7626bb2eec8fde17f63c21490becbb44a9ac52445789
SSDEEP

6144:NkG7hGpzhjfajfVUJLougeFU0J9/41mI:n7Mpz66LSXm/41mI

Score

1^/10

Suspicious behavior: EnumeratesProcesses 10 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1420	Yeni siparis listesi12042023.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 1116	1420	Yeni siparis listesi12042023.exe	28
PID 1420 wrote to memory of 1116	1420	Yeni siparis listesi12042023.exe	28
PID 1420 wrote to memory of 1116	1420	Yeni siparis listesi12042023.exe	28
PID 1420 wrote to memory of 1116	1420	Yeni siparis listesi12042023.exe	28
PID 1420 wrote to memory of 900	1420	Yeni siparis listesi12042023.exe	29
PID 1420 wrote to memory of 900	1420	Yeni siparis listesi12042023.exe	29
PID 1420 wrote to memory of 900	1420	Yeni siparis listesi12042023.exe	29
PID 1420 wrote to memory of 900	1420	Yeni siparis listesi12042023.exe	29
PID 1420 wrote to memory of 1400	1420	Yeni siparis listesi12042023.exe	30
PID 1420 wrote to memory of 1400	1420	Yeni siparis listesi12042023.exe	30
PID 1420 wrote to memory of 1400	1420	Yeni siparis listesi12042023.exe	30
PID 1420 wrote to memory of 1400	1420	Yeni siparis listesi12042023.exe	30
PID 1420 wrote to memory of 1664	1420	Yeni siparis listesi12042023.exe	31
PID 1420 wrote to memory of 1664	1420	Yeni siparis listesi12042023.exe	31
PID 1420 wrote to memory of 1664	1420	Yeni siparis listesi12042023.exe	31
PID 1420 wrote to memory of 1664	1420	Yeni siparis listesi12042023.exe	31
PID 1420 wrote to memory of 1316	1420	Yeni siparis listesi12042023.exe	32
PID 1420 wrote to memory of 1316	1420	Yeni siparis listesi12042023.exe	32
PID 1420 wrote to memory of 1316	1420	Yeni siparis listesi12042023.exe	32
PID 1420 wrote to memory of 1316	1420	Yeni siparis listesi12042023.exe	32

C:\Users\Admin\AppData\Local\Temp\Yeni siparis listesi12042023.exe
"C:\Users\Admin\AppData\Local\Temp\Yeni siparis listesi12042023.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
  2⤵
  PID:1116
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
  2⤵
  PID:900
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
  2⤵
  PID:1400
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
  2⤵
  PID:1664
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
  2⤵
  PID:1316

memory/1420-54-0x0000000000E80000-0x0000000000EB6000-memory.dmp

Filesize
216KB

Download
memory/1420-55-0x00000000005C0000-0x00000000005D0000-memory.dmp

Filesize
64KB

Download