76b5863b2b0be120fee04420b4e40ca395713d156a6fe71a29102138efbf0a7c

Analysis

max time kernel
171s
max time network
178s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
03/08/2023, 19:24

Target

Olağanüstü ödeme.exe
Size

650.6MB
MD5

7289969bd6e1d73be5e0cf8610f99685
SHA1

2fb9df1c3271defe41abbe48e924b7f756637d35
SHA256

6fa4ba8e7a4e6f31dbc8416a41df44c3677d42f54e93166517e64337b2c33840
SHA512

1c374b896a242116e29f4a68f2aab84cfad2183344f181a46c4add67af962ede7f7e46f435709ffacc4521ec2323e54938af53d7490b045c9d2c78364c19f0b9
SSDEEP

12288:aqCEGer8c6eH6S7WeA30mNpwvprmQ00p4bxqRIpS+pa/A+r57O:bCEhh6cSI+pwv1mQ00RRSSIa/AY

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2832	1600	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1600	Olağanüstü ödeme.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1600	Olağanüstü ödeme.exe
Token: 33	1612	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1612	AUDIODG.EXE
Token: 33	1612	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1612	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2832	1600	Olağanüstü ödeme.exe	30
PID 1600 wrote to memory of 2832	1600	Olağanüstü ödeme.exe	30
PID 1600 wrote to memory of 2832	1600	Olağanüstü ödeme.exe	30
PID 1600 wrote to memory of 2832	1600	Olağanüstü ödeme.exe	30

C:\Users\Admin\AppData\Local\Temp\Olağanüstü ödeme.exe
"C:\Users\Admin\AppData\Local\Temp\Olağanüstü ödeme.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 708
  2⤵
  - Program crash
  PID:2832

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5a4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1612

memory/1600-54-0x00000000010A0000-0x000000000113C000-memory.dmp

Filesize
624KB

Download
memory/1600-55-0x0000000074A00000-0x00000000750EE000-memory.dmp

Filesize
6.9MB

Download
memory/1600-56-0x0000000004AD0000-0x0000000004B10000-memory.dmp

Filesize
256KB

Download
memory/1600-57-0x0000000000540000-0x0000000000554000-memory.dmp

Filesize
80KB

Download
memory/1600-58-0x0000000074A00000-0x00000000750EE000-memory.dmp

Filesize
6.9MB

Download
memory/1600-59-0x0000000004AD0000-0x0000000004B10000-memory.dmp

Filesize
256KB

Download
memory/1600-60-0x00000000005E0000-0x00000000005EA000-memory.dmp

Filesize
40KB

Download
memory/1600-61-0x0000000005490000-0x000000000550C000-memory.dmp

Filesize
496KB

Download
memory/1600-62-0x0000000074A00000-0x00000000750EE000-memory.dmp

Filesize
6.9MB

Download