Overview

overview

10

Static

static

3

Ödeme onaylama.exe

windows7-x64

1

Ödeme onaylama.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18-04-2024 09:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ödeme onaylama.exe

  • Size

    810.6MB

  • MD5

    d79dc866ebc2705b5eb812c4519a1dd4

  • SHA1

    887f080e0e82a4410a5bc45bae1148b394bda6c1

  • SHA256

    85b3d8c24bb5653ba1ffa131a6d7b03b42da9a03f245488f2a11eb79db2bbac6

  • SHA512

    133941fc0ff7a652d20546ec534341efb61574e13b9f286af6a459c09e04a1d13428b39e81a3cc640449f8cad7a86f95805540b570e7d4c49efc4b345b8d42a0

  • SSDEEP

    24576:mJiMLXgIe3HNa7TM5/LUZZ0YHwEts4Ae2Y0bf0:m+l3tafM5gXLHBt9AeYbf

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe
    "C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe
      "C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe"
      2⤵
        PID:3064
      • C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe
        "C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe"
        2⤵
          PID:2608
        • C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe
          "C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe"
          2⤵
            PID:2664
          • C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe
            "C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe"
            2⤵
              PID:2668
            • C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe
              "C:\Users\Admin\AppData\Local\Temp\Ödeme onaylama.exe"
              2⤵
                PID:2684

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/2124-0-0x00000000003E0000-0x000000000049E000-memory.dmp

              Filesize

              760KB

              Download

            • memory/2124-1-0x0000000074840000-0x0000000074F2E000-memory.dmp

              Filesize

              6.9MB

              Download

            • memory/2124-2-0x0000000004D20000-0x0000000004D60000-memory.dmp

              Filesize

              256KB

              Download

            • memory/2124-3-0x00000000004A0000-0x00000000004B8000-memory.dmp

              Filesize

              96KB

              Download

            • memory/2124-4-0x0000000000500000-0x000000000050E000-memory.dmp

              Filesize

              56KB

              Download

            • memory/2124-5-0x0000000000550000-0x0000000000564000-memory.dmp

              Filesize

              80KB

              Download

            • memory/2124-6-0x0000000001F00000-0x0000000001F84000-memory.dmp

              Filesize

              528KB

              Download

            • memory/2124-7-0x0000000074840000-0x0000000074F2E000-memory.dmp

              Filesize

              6.9MB

              Download