6a263de423ef5dbc1724917602ce7426c5e1f4bfc62ca455b31d1af02f67b95d

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
21/09/2023, 13:52

Target

SÖZLEŞME VE HESAP BAKİYESİ.exe
Size

1021KB
MD5

119f1191eedfaeadc7a14177b802d2e0
SHA1

dca5cfb6ebc497ce3b98f16aca25351ca706bbd0
SHA256

6a263de423ef5dbc1724917602ce7426c5e1f4bfc62ca455b31d1af02f67b95d
SHA512

b256860bceb2538b214e5d5649e0ac85a1f7597b7d55bbd34f442d218f08950c3a8fc424681db78cb85da3e8213fecafc2b7d4d27d4a8104b26dea129d5c8bb0
SSDEEP

12288:+dPU72iNt2a9v4m0O1Hx5Nyvqpuz7K8e4hA0x1HmWfFFLdqMW6y+98kTUI9wZ:6U71d6O1HrEPgYnHd1dqgP8OL4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2740	3004	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3004	SÖZLEŞME VE HESAP BAKİYESİ.exe
3004	SÖZLEŞME VE HESAP BAKİYESİ.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3004	SÖZLEŞME VE HESAP BAKİYESİ.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2740	3004	SÖZLEŞME VE HESAP BAKİYESİ.exe	30
PID 3004 wrote to memory of 2740	3004	SÖZLEŞME VE HESAP BAKİYESİ.exe	30
PID 3004 wrote to memory of 2740	3004	SÖZLEŞME VE HESAP BAKİYESİ.exe	30
PID 3004 wrote to memory of 2740	3004	SÖZLEŞME VE HESAP BAKİYESİ.exe	30

C:\Users\Admin\AppData\Local\Temp\SÖZLEŞME VE HESAP BAKİYESİ.exe
"C:\Users\Admin\AppData\Local\Temp\SÖZLEŞME VE HESAP BAKİYESİ.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 784
  2⤵
  - Program crash
  PID:2740

memory/3004-0-0x0000000000AB0000-0x0000000000BB6000-memory.dmp

Filesize
1.0MB

Download
memory/3004-1-0x0000000074C70000-0x000000007535E000-memory.dmp

Filesize
6.9MB

Download
memory/3004-2-0x0000000004DC0000-0x0000000004E00000-memory.dmp

Filesize
256KB

Download
memory/3004-3-0x0000000000290000-0x00000000002A2000-memory.dmp

Filesize
72KB

Download
memory/3004-4-0x0000000074C70000-0x000000007535E000-memory.dmp

Filesize
6.9MB

Download
memory/3004-5-0x0000000004DC0000-0x0000000004E00000-memory.dmp

Filesize
256KB

Download
memory/3004-6-0x00000000002C0000-0x00000000002C8000-memory.dmp

Filesize
32KB

Download
memory/3004-7-0x00000000002D0000-0x00000000002DC000-memory.dmp

Filesize
48KB

Download
memory/3004-8-0x0000000005140000-0x00000000051BC000-memory.dmp

Filesize
496KB

Download