Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
20/02/2024, 10:08
General
-
Target
TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe
-
Size
825KB
-
MD5
9fee0ea0631ef620f2779db09403f86f
-
SHA1
b9b9c0e125acb284ddcd2b022049dc009b39154e
-
SHA256
bb053a3a97825365645e56cff486dd5b1e25b86a88d66264bdd4cf50a889fb85
-
SHA512
19ab3654ea9ee2856529228148478580b940376a8ace6a0742157077b67e79c30b101dbf0934061cd8e906bfb94ad73f7fa69b0d66950f98d268739ddf57766b
-
SSDEEP
12288:HO6nmQTPFA1uqH0QKQcRbk6oNPwTz42lY8HZKJ53Gj+daJv/ZD4bKuiyhQGPyBE:HO6nmSFAMqH0DKH92lL5tj+S5eKu6qy
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe"C:\Users\Admin\AppData\Local\Temp\TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\TEKLİF TALEP VE FİYAT TEKLİFİ_xlxs.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\wyzksfGTzv.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\wyzksfGTzv" /XML "C:\Users\Admin\AppData\Local\Temp\tmp9119.tmp"2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 10522⤵
- Program crash
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD52c63e53bc9fda1c78ae8bfbcb7410031
SHA14219ca56bbc86b9da83fb8edd9ae45c0bf0c1deb
SHA25612ace8a704349fb9687b4d6ff7bcdad095fefb6db5e8c6237e9be09603527300
SHA512841304e646c7ad179a6ae5cff5e3ec37db217bcfb71ba80b9499b9f8a26d08f64ed0013bf5b24b71702e2df29bf6e43a9aa5880f5ad567e294fbff0c917d837d
-
Filesize
7KB
MD555d5801feb22c2430bd0a083cf10360d
SHA1ea2ed23699578f1958db9565892464d1bb31bb73
SHA25631e1b7d69b389f46edb0ff3f56f53fdb0dfcc8886e10f8ec0fc7e17d3248fa3f
SHA512f457758f51238c12a130fc481d2d60b5f6cd6242236f09b9894528c48024603e8c7f1bb7b1b879989d1ce408347d70627eed0c937bd6636af8437892ae413856
-
Filesize
56KB
-
Filesize
6.9MB
-
Filesize
848KB
-
Filesize
72KB
-
Filesize
520KB
-
Filesize
256KB
-
Filesize
6.9MB
-
Filesize
256KB
-
Filesize
128KB
-
Filesize
256KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
5.7MB
-
Filesize
5.7MB