8ac3866f0c0b1199171f5e1c00be45481d19c8fc25cf1d079fe2331611708a6a

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16/08/2023, 07:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Satınalma Siparişi - 44965.exe
Size

655KB
MD5

0d6062a8c9a7aefeb01dc25894120e0f
SHA1

a28711aceaefa9deeae53689b0b9faf929cf6fb3
SHA256

e4b091b6eb1421a4bb8ef19af620e52d101806a44351c5191919198306d6b826
SHA512

ccd01a049cd4938a35457aaa7b0c7fe9750d9da2f79c98c4bb845006756947147f7179e4fabc49671212fc52a260b0c302262038e3f67eac2058bd92043d9f8b
SSDEEP

12288:PHUzAvAE5WGWxETOz7rn7bU1oUh05Y2hc4Dq5E8:szO54xETern7bUadY2Hq5E8

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2712	1468	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1468	Satınalma Siparişi - 44965.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1468	Satınalma Siparişi - 44965.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 2712	1468	Satınalma Siparişi - 44965.exe	28
PID 1468 wrote to memory of 2712	1468	Satınalma Siparişi - 44965.exe	28
PID 1468 wrote to memory of 2712	1468	Satınalma Siparişi - 44965.exe	28
PID 1468 wrote to memory of 2712	1468	Satınalma Siparişi - 44965.exe	28

C:\Users\Admin\AppData\Local\Temp\Satınalma Siparişi - 44965.exe
"C:\Users\Admin\AppData\Local\Temp\Satınalma Siparişi - 44965.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 620
  2⤵
  - Program crash
  PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1468-54-0x00000000010D0000-0x000000000117A000-memory.dmp

Filesize
680KB

Download
memory/1468-55-0x0000000074970000-0x000000007505E000-memory.dmp

Filesize
6.9MB

Download
memory/1468-56-0x0000000000B30000-0x0000000000BBA000-memory.dmp

Filesize
552KB

Download
memory/1468-58-0x00000000004F0000-0x000000000051A000-memory.dmp

Filesize
168KB

Download
memory/1468-57-0x0000000000C20000-0x0000000000C60000-memory.dmp

Filesize
256KB

Download
memory/1468-59-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-60-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-62-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-64-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-66-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-68-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-70-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-74-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-80-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-84-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-90-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-94-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-98-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-104-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-106-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-102-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-100-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-108-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-96-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-92-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-88-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-86-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-82-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-78-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-76-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-72-0x00000000004F0000-0x0000000000513000-memory.dmp

Filesize
140KB

Download
memory/1468-109-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/1468-110-0x0000000074970000-0x000000007505E000-memory.dmp

Filesize
6.9MB

Download
memory/1468-111-0x0000000000C20000-0x0000000000C60000-memory.dmp

Filesize
256KB

Download