Analysis

max time kernel: 119s
max time network: 137s
platform: windows7_x64
resource: win7-20231023-en
resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
submitted: 02-11-2023 15:03

Static task: static1
Signatures: 1

Behavioral task: behavioral1
Sample: hareketleriniz .pdf.exe
Resource: win7-20231023-en (windows7-x64)
Signatures: 2
Run time: 150 seconds

Behavioral task: behavioral2
Sample: hareketleriniz .pdf.exe
Resource: win10v2004-20231020-en (windows10-2004-x64)
Signatures: 11
Run time: 150 seconds
General

Target: hareketleriniz .pdf.exe
Size: 119KB
MD5: ac17552680ce92bcdeee8d85dd23a094
SHA1: 3834e08df86667af59ca7ca77be8536063fb490c
SHA256: 5c046d79136779c5d2d1093a0ae1b45a61f4d49b0f8b8947e18bfccee2806559
SHA512: 0998215bf514c7aa6d0c664d78f19bbeb17686109bae943f0921d7323492bcfd796b131061a251303e970b2a60640d242555beeffec55bde2b542ad961b69dd6
SSDEEP: 3072:pNAUxwbSVwS03k/oej4T5zYQxwNc1xNUPBC1C:pSU2bSVwrU/oeaYQxwNc1xKk1
Score: 1/10
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (1 IoC)
  process: hareketleriniz .pdf.exe (PID 2288)
  description: Token: SeDebugPrivilege

Suspicious use of WriteProcessMemory (3 IoCs)
  PID 2288 (hareketleriniz .pdf.exe) wrote to memory of PID 2672 (WerFault.exe), recorded three times

Note: PID 2672 is the WerFault.exe instance started for PID 2288 (command line "-u -p 2288 -s 1176", see Processes), which means the sample crashed in the Windows 7 x64 run and the three writes go into its own crash-reporting child, consistent with ordinary child-process creation rather than injection into an unrelated process. The 1/10 score for this run therefore reflects a sample that did not get far, not a sample shown to be benign; the behavioral2 run on windows10-2004-x64 reported 11 signatures.
Processes

1. C:\Users\Admin\AppData\Local\Temp\hareketleriniz .pdf.exe (PID 2288)
   command line: "C:\Users\Admin\AppData\Local\Temp\hareketleriniz .pdf.exe"
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\WerFault.exe (PID 2672, child of PID 2288)
      command line: C:\Windows\system32\WerFault.exe -u -p 2288 -s 1176
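The following is an added example, not part of the sandbox report or of any Triage tooling. It shows the checks an analyst would run over this report before trusting the 1/10 score: flag the document-style double extension in the sample name, detect that WerFault.exe was invoked for the sample's own PID (the -u -p <pid> -s <handle> form is the user-mode crash handoff), and discount cross-process writes that only target that crash-handler child. The process rows, the write rows and the privilege row are transcribed from the report above into inline data; the function and field names are the example's own.

```python
"""Decide whether a low sandbox score for a crashed sample can be trusted.

Added example. The inline data below is constructed from the report page:
process tree (PIDs 2288 and 2672), three WriteProcessMemory rows and one
AdjustPrivilegeToken row. Names such as Proc, assess() and masquerade()
are this example's own, not the sandbox vendor's API.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int] = None

SAMPLE_NAME = "hareketleriniz .pdf.exe"

# Process tree as listed on the report page (constructed from it).
PROCESSES = [
    Proc(2288, r"C:\Users\Admin\AppData\Local\Temp\hareketleriniz .pdf.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\hareketleriniz .pdf.exe"'),
    Proc(2672, r"C:\Windows\system32\WerFault.exe",
         r"C:\Windows\system32\WerFault.exe -u -p 2288 -s 1176", parent=2288),
]

# Signature rows from the report: (source pid, target pid) and (pid, privilege).
WRITES = [(2288, 2672)] * 3
PRIVILEGES = [(2288, "SeDebugPrivilege")]

# A document-looking extension immediately followed by an executable extension.
DOUBLE_EXT = re.compile(
    r"\.(pdf|doc|docx|xls|xlsx|ppt|pptx|jpg|png|txt)\s*\.(exe|scr|com|pif|bat|cmd)$",
    re.IGNORECASE,
)

# WerFault.exe launched by a crashing user-mode process for itself.
WERFAULT_ARGS = re.compile(r"WerFault\.exe\s+-u\s+-p\s+(\d+)\s+-s\s+(\d+)", re.IGNORECASE)


def masquerade(name: str) -> Optional[str]:
    """Return the decoy extension (e.g. 'pdf') if the name fakes a document, else None."""
    m = DOUBLE_EXT.search(name)
    return m.group(1).lower() if m else None


def crashed_pids(procs: List[Proc]) -> Set[int]:
    """PIDs for which Windows Error Reporting was started with the crash arguments."""
    out: Set[int] = set()
    for p in procs:
        m = WERFAULT_ARGS.search(p.cmdline)
        if m:
            out.add(int(m.group(1)))
    return out


def suspicious_writes(writes: List[Tuple[int, int]], procs: List[Proc]) -> List[Tuple[int, int]]:
    """Cross-process writes not explained by a crashed parent launching its own WerFault."""
    by_pid = {p.pid: p for p in procs}
    crashed = crashed_pids(procs)
    flagged = []
    for src, dst in sorted(set(writes)):
        target = by_pid.get(dst)
        if (target is not None and target.image.lower().endswith("werfault.exe")
                and target.parent == src and src in crashed):
            continue  # parent writing into the crash handler it spawned for itself
        flagged.append((src, dst))
    return flagged


def assess(name: str, procs: List[Proc], writes, privs, score: int) -> Tuple[bool, List[str]]:
    """Return (score_is_trustworthy, findings) for one behavioral run."""
    findings = []
    ext = masquerade(name)
    if ext:
        findings.append(f"filename masquerades as .{ext}")
    crashed = crashed_pids(procs)
    if crashed:
        findings.append(f"sample crashed (WerFault started for pid {sorted(crashed)}); behaviour incomplete")
    for pid, priv in privs:
        findings.append(f"pid {pid} enabled {priv}")
    for src, dst in suspicious_writes(writes, procs):
        findings.append(f"unexplained write {src} -> {dst}")
    # A low score is only meaningful if the sample actually ran and is not a lure.
    trustworthy = score <= 3 and not crashed and ext is None
    return trustworthy, findings


if __name__ == "__main__":
    ok, notes = assess(SAMPLE_NAME, PROCESSES, WRITES, PRIVILEGES, score=1)
    print("trust low score:", ok)
    for n in notes:
        print(" -", n)
```

Run against the data above, the script reports that the name masquerades as .pdf, that PID 2288 crashed, that SeDebugPrivilege was enabled, and no unexplained writes, and it refuses to treat the 1/10 score as evidence of benign behaviour.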