6ea20989d66aa35efba273fe6d634b8a7c269c7f03a8df6dcb9c5653dcbba810

General

Target

halkbank_Ekstre_2023029011_081940_689633.pdf.exe
Size

580KB
MD5

c3996670eb6356a971f1ae1614a71ee6
SHA1

ef131d2dd9628335ca952fefad451a6ce9f7fa94
SHA256

6ea20989d66aa35efba273fe6d634b8a7c269c7f03a8df6dcb9c5653dcbba810
SHA512

bee62dd3706e3484e55b2b44e9a17474b345c5d391da51edd9789cb0a285b2fd81f0dedfae8e840943693db8b2fea0a36d5c7e1800de0af2439b290b86f711a3
SSDEEP

12288:Vrl1E6jD/Glz9plmQS6HOmfKXS5Cl1b44wvopox:dl1tD/GlBplR7fF5CUe

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

halkbank_Ekstre_2023029011_081940_689633.pdf.exe

pid	process
2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

halkbank_Ekstre_2023029011_081940_689633.pdf.exe

description pid process

Token: SeDebugPrivilege 2008 halkbank_Ekstre_2023029011_081940_689633.pdf.exe

description	pid	process
Token: SeDebugPrivilege	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

halkbank_Ekstre_2023029011_081940_689633.pdf.exe

C:\Users\Admin\AppData\Local\Temp\halkbank_Ekstre_2023029011_081940_689633.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\halkbank_Ekstre_2023029011_081940_689633.pdf.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2008

C:\Users\Admin\AppData\Local\Temp\halkbank_Ekstre_2023029011_081940_689633.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\halkbank_Ekstre_2023029011_081940_689633.pdf.exe"
2⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\halkbank_Ekstre_2023029011_081940_689633.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\halkbank_Ekstre_2023029011_081940_689633.pdf.exe"
2⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\halkbank_Ekstre_2023029011_081940_689633.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\halkbank_Ekstre_2023029011_081940_689633.pdf.exe"
2⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\halkbank_Ekstre_2023029011_081940_689633.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\halkbank_Ekstre_2023029011_081940_689633.pdf.exe"
2⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\halkbank_Ekstre_2023029011_081940_689633.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\halkbank_Ekstre_2023029011_081940_689633.pdf.exe"
2⤵
PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2008-0-0x00000000003B0000-0x0000000000448000-memory.dmp

Filesize
608KB

Download
memory/2008-1-0x0000000074C40000-0x000000007532E000-memory.dmp

Filesize
6.9MB

Download
memory/2008-2-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/2008-3-0x0000000000330000-0x0000000000348000-memory.dmp

Filesize
96KB

Download
memory/2008-4-0x0000000000210000-0x0000000000216000-memory.dmp

Filesize
24KB

Download
memory/2008-5-0x00000000002D0000-0x00000000002DA000-memory.dmp

Filesize
40KB

Download
memory/2008-6-0x00000000051F0000-0x000000000524E000-memory.dmp

Filesize
376KB

Download
memory/2008-7-0x0000000074C40000-0x000000007532E000-memory.dmp

Filesize
6.9MB

Download
memory/2008-8-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/2008-9-0x0000000074C40000-0x000000007532E000-memory.dmp

Filesize
6.9MB

Download

description	pid	process	target process
PID 2008 wrote to memory of 1960	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 1960	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 1960	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 1960	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2652	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2652	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2652	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2652	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2120	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2120	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2120	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2120	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2116	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2116	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2116	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2116	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2036	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2036	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2036	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe
PID 2008 wrote to memory of 2036	2008	halkbank_Ekstre_2023029011_081940_689633.pdf.exe	halkbank_Ekstre_2023029011_081940_689633.pdf.exe

Analysis

Sharing