3b64f7763e13df83d98937c6e28a4cb90125c0745111effc3125ffc7ae9d18bf

General

Target

Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
Size

775KB
MD5

1cb48027023b81dbb379affeaf8d7dcd
SHA1

419cb2c717da6aaf9a521318f1d5315aef93d9af
SHA256

3b64f7763e13df83d98937c6e28a4cb90125c0745111effc3125ffc7ae9d18bf
SHA512

81b81c3384cbbd77f7f69a7b1cceacb42aca94de4e6acf3f9615ffdc8fc8f60e3eed7066c2ec206c8b59c7a9405dec76c446bf625567c84023178f6848fb4add
SSDEEP

12288:LSdI0+32BXAs19j1snY9YNi04M4eZL+eDwGMFE:LSVBdAi9JvdMFVHDwvFE

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe

pid	process
2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe

description pid process

Token: SeDebugPrivilege 2292 Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe

description	pid	process
Token: SeDebugPrivilege	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe

C:\Users\Admin\AppData\Local\Temp\Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
"C:\Users\Admin\AppData\Local\Temp\Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2292

C:\Users\Admin\AppData\Local\Temp\Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
"C:\Users\Admin\AppData\Local\Temp\Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe"
2⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
"C:\Users\Admin\AppData\Local\Temp\Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe"
2⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
"C:\Users\Admin\AppData\Local\Temp\Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe"
2⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
"C:\Users\Admin\AppData\Local\Temp\Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe"
2⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
"C:\Users\Admin\AppData\Local\Temp\Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe"
2⤵
PID:2472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2292-0-0x00000000001E0000-0x00000000002A8000-memory.dmp

Filesize
800KB

Download
memory/2292-1-0x0000000074E70000-0x000000007555E000-memory.dmp

Filesize
6.9MB

Download
memory/2292-2-0x0000000004EE0000-0x0000000004F20000-memory.dmp

Filesize
256KB

Download
memory/2292-3-0x00000000002E0000-0x00000000002F6000-memory.dmp

Filesize
88KB

Download
memory/2292-4-0x0000000000340000-0x0000000000348000-memory.dmp

Filesize
32KB

Download
memory/2292-5-0x0000000000360000-0x000000000036A000-memory.dmp

Filesize
40KB

Download
memory/2292-6-0x0000000005D70000-0x0000000005DEC000-memory.dmp

Filesize
496KB

Download
memory/2292-7-0x0000000074E70000-0x000000007555E000-memory.dmp

Filesize
6.9MB

Download
memory/2292-8-0x0000000004EE0000-0x0000000004F20000-memory.dmp

Filesize
256KB

Download
memory/2292-9-0x0000000074E70000-0x000000007555E000-memory.dmp

Filesize
6.9MB

Download

description	pid	process	target process
PID 2292 wrote to memory of 2120	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2120	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2120	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2120	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2676	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2676	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2676	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2676	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 1576	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 1576	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 1576	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 1576	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2260	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2260	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2260	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2260	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2472	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2472	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2472	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe
PID 2292 wrote to memory of 2472	2292	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe	Hesap_Hareketleri_SUN_BAGLANTI_ELEMANLARI_PRES_METMAKSANVE_TICLTDSTI_20231124_84014609_PDF.exe

Analysis

Sharing