8ac3866f0c0b1199171f5e1c00be45481d19c8fc25cf1d079fe2331611708a6a

Analysis

max time kernel
127s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2023, 07:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Satınalma Siparişi - 44965.exe
Size

655KB
MD5

0d6062a8c9a7aefeb01dc25894120e0f
SHA1

a28711aceaefa9deeae53689b0b9faf929cf6fb3
SHA256

e4b091b6eb1421a4bb8ef19af620e52d101806a44351c5191919198306d6b826
SHA512

ccd01a049cd4938a35457aaa7b0c7fe9750d9da2f79c98c4bb845006756947147f7179e4fabc49671212fc52a260b0c302262038e3f67eac2058bd92043d9f8b
SSDEEP

12288:PHUzAvAE5WGWxETOz7rn7bU1oUh05Y2hc4Dq5E8:szO54xETern7bUadY2Hq5E8

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4116	1608	WerFault.exe	80

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1608	Satınalma Siparişi - 44965.exe
1608	Satınalma Siparişi - 44965.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1608	Satınalma Siparişi - 44965.exe

C:\Users\Admin\AppData\Local\Temp\Satınalma Siparişi - 44965.exe
"C:\Users\Admin\AppData\Local\Temp\Satınalma Siparişi - 44965.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 1092
  2⤵
  - Program crash
  PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1608 -ip 1608
1⤵
PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1608-133-0x0000000000E10000-0x0000000000EBA000-memory.dmp

Filesize
680KB

Download
memory/1608-134-0x0000000075320000-0x0000000075AD0000-memory.dmp

Filesize
7.7MB

Download
memory/1608-135-0x0000000005EC0000-0x0000000006464000-memory.dmp

Filesize
5.6MB

Download
memory/1608-136-0x00000000059B0000-0x0000000005A42000-memory.dmp

Filesize
584KB

Download
memory/1608-137-0x0000000005DB0000-0x0000000005DC2000-memory.dmp

Filesize
72KB

Download
memory/1608-138-0x0000000005870000-0x0000000005880000-memory.dmp

Filesize
64KB

Download
memory/1608-139-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-140-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-142-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-144-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-146-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-148-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-150-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-152-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-154-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-156-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-158-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-160-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-162-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-164-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-166-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-168-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-170-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-172-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-174-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-176-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-178-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-180-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-182-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-184-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-186-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-188-0x0000000005980000-0x00000000059A3000-memory.dmp

Filesize
140KB

Download
memory/1608-189-0x0000000005E10000-0x0000000005E11000-memory.dmp

Filesize
4KB

Download
memory/1608-190-0x00000000068D0000-0x000000000696C000-memory.dmp

Filesize
624KB

Download
memory/1608-191-0x0000000075320000-0x0000000075AD0000-memory.dmp

Filesize
7.7MB

Download