Overview

overview

3

Static

static

3

MALZEMELER...ER.exe

windows7-x64

3

MALZEMELER...ER.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    58s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2023, 10:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    MALZEMELER İÇİN BELGELER.exe

  • Size

    834KB

  • MD5

    1436f910ff222cb17c6a5e96d7d0a69f

  • SHA1

    cba67e2d2247e0474cc0267e9660f203ac1904fb

  • SHA256

    5d9bb423fe6b1cb4fa77edde15ac108d779750606fe6dc904c3190af91b4af75

  • SHA512

    2a83b509caddc264b654320c90abbaa7bdec0052e1dd957eafabf4ea8a8c8869fead4c6faf9f0c36cbb71fcc9d1bca01747f35a89d108912ad5705d7557a4f5b

  • SSDEEP

    12288:lY8v5vljUqYes048f+BdY2spdbBJolfK9MpCPJcXbMoY:J+esj8fkS2wpBJJMpHX

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MALZEMELER İÇİN BELGELER.exe
    "C:\Users\Admin\AppData\Local\Temp\MALZEMELER İÇİN BELGELER.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 696
      2⤵
      • Program crash
      PID:968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/836-54-0x0000000000A50000-0x0000000000B26000-memory.dmp

    Filesize

    856KB

    Download

  • memory/836-55-0x00000000009D0000-0x0000000000A10000-memory.dmp

    Filesize

    256KB

    Download

  • memory/836-56-0x0000000000310000-0x0000000000322000-memory.dmp

    Filesize

    72KB

    Download

  • memory/836-57-0x00000000009D0000-0x0000000000A10000-memory.dmp

    Filesize

    256KB

    Download

  • memory/836-58-0x0000000000330000-0x000000000033A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/836-59-0x0000000004F30000-0x0000000004F92000-memory.dmp

    Filesize

    392KB

    Download

  • memory/836-60-0x0000000002350000-0x0000000002378000-memory.dmp

    Filesize

    160KB

    Download