Analysis
- max time kernel: 119s
- max time network: 130s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 23-05-2024 01:27
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  Sample: ödenmiş fatura.exe
  Resource: win7-20240221-en (windows7-x64)
  4 signatures, 150 seconds
Behavioral task
- behavioral2
  Sample: ödenmiş fatura.exe
  Resource: win10v2004-20240426-en (windows10-2004-x64)
  3 signatures, 150 seconds
General
- Target: ödenmiş fatura.exe
- Size: 700.6MB
- MD5: 87b6dca2969d1aa7dbb4c6a75d9bad5a
- SHA1: 5f02ef0d54e574983a4a61a05bf029865236fbeb
- SHA256: af389051a5dda1eb9ff6389ad08d019a3ad1e5dfc91de75ce2d67a43da3b9191
- SHA512: e25193685fa000f83a9deae9114b27d89cf2682134d5e2720a257790925289aba3932277bc3e379e505fe3a8c9be8397aa33a804650b58378d62b23318b72957
- SSDEEP: 12288:Afg3r+1v1RWLm+D7Vqh/v5XpKJzwAPNhvwmmtLWPAuQ7Wdqid1uKozg5vH:AfkUvd+Dpg/v5+cAlhv9mpFWdqEoUFH
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes:
  pid   pid_target  process       target process
  2504  2036        WerFault.exe  ödenmiş fatura.exe
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  Processes:
  pid   process
  2036  ödenmiş fatura.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
  description              pid   process
  Token: SeDebugPrivilege  2036  ödenmiş fatura.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
  description                       pid   process             target process
  PID 2036 wrote to memory of 2504  2036  ödenmiş fatura.exe  WerFault.exe
  PID 2036 wrote to memory of 2504  2036  ödenmiş fatura.exe  WerFault.exe
  PID 2036 wrote to memory of 2504  2036  ödenmiş fatura.exe  WerFault.exe
  PID 2036 wrote to memory of 2504  2036  ödenmiş fatura.exe  WerFault.exe
Processes
- [depth 1] C:\Users\Admin\AppData\Local\Temp\ödenmiş fatura.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ödenmiş fatura.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - [depth 2] C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 692
    - Program crash
Network
MITRE ATT&CK Matrix
Downloads
memory dump                                                      Filesize
memory/2036-0-0x000000007428E000-0x000000007428F000-memory.dmp   4KB
memory/2036-1-0x00000000000A0000-0x0000000000146000-memory.dmp   664KB
memory/2036-2-0x0000000074280000-0x000000007496E000-memory.dmp   6.9MB
memory/2036-3-0x0000000000450000-0x000000000045E000-memory.dmp   56KB
memory/2036-4-0x000000007428E000-0x000000007428F000-memory.dmp   4KB
memory/2036-5-0x0000000074280000-0x000000007496E000-memory.dmp   6.9MB
memory/2036-6-0x00000000005F0000-0x00000000005FA000-memory.dmp   40KB
memory/2036-7-0x0000000005750000-0x00000000057BA000-memory.dmp   424KB
memory/2036-8-0x0000000000810000-0x0000000000842000-memory.dmp   200KB