Overview

overview

3

Static

static

3

Gelen Para...ı.exe

windows7-x64

3

Gelen Para...ı.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    160s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2023, 21:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Gelen Para Transferi Detayları.exe

  • Size

    882KB

  • MD5

    5c5c8d0646e5c84a26f19b7051eff46c

  • SHA1

    523227fe5835f16bb94352d0e60cb5b84a742cbc

  • SHA256

    98df0b1d208f23cdc1fc3b7cd659393ab072b80e81ce2100d08a1f3f8bfde6e4

  • SHA512

    5af95b058999712c4af99066cd67b1b07d84582626c606ac856ce1c860a0fe009bafce3387663e5a82940e9cd55401fc94191fca054ac41bcb67493ad0eba337

  • SSDEEP

    12288:/5YeKTQd5h2mX0L+oQM79TfbZXCVISA4NikbH9bpTflwrkCOp:BNKsXkmXu+sQnBGu

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Gelen Para Transferi Detayları.exe
    "C:\Users\Admin\AppData\Local\Temp\Gelen Para Transferi Detayları.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3168
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 1156
      2⤵
      • Program crash
      PID:4348
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 1156
      2⤵
      • Program crash
      PID:1584
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3168 -ip 3168
    1⤵
      PID:556

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3168-0-0x0000000074660000-0x0000000074E10000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3168-1-0x00000000005E0000-0x00000000006C2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3168-2-0x0000000074660000-0x0000000074E10000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3168-3-0x00000000055A0000-0x0000000005B44000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/3168-4-0x00000000050B0000-0x0000000005142000-memory.dmp

      Filesize

      584KB

      Download

    • memory/3168-5-0x00000000051E0000-0x00000000051F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3168-6-0x00000000051E0000-0x00000000051F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3168-7-0x00000000054F0000-0x00000000054FA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3168-8-0x0000000000B40000-0x0000000000B50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3168-9-0x0000000000790000-0x000000000079A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3168-10-0x0000000005D70000-0x0000000005DEC000-memory.dmp

      Filesize

      496KB

      Download

    • memory/3168-11-0x0000000008390000-0x000000000842C000-memory.dmp

      Filesize

      624KB

      Download