418452c2ebe702ef15b7bcaaff290cfbc93d346303f8b0b624007c1cbf2ad6ba

Analysis

max time kernel
119s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:27

Target

ödenmiş fatura.exe
Size

700.6MB
MD5

87b6dca2969d1aa7dbb4c6a75d9bad5a
SHA1

5f02ef0d54e574983a4a61a05bf029865236fbeb
SHA256

af389051a5dda1eb9ff6389ad08d019a3ad1e5dfc91de75ce2d67a43da3b9191
SHA512

e25193685fa000f83a9deae9114b27d89cf2682134d5e2720a257790925289aba3932277bc3e379e505fe3a8c9be8397aa33a804650b58378d62b23318b72957
SSDEEP

12288:Afg3r+1v1RWLm+D7Vqh/v5XpKJzwAPNhvwmmtLWPAuQ7Wdqid1uKozg5vH:AfkUvd+Dpg/v5+cAlhv9mpFWdqEoUFH

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2504 2036 WerFault.exe ödenmiş fatura.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

ödenmiş fatura.exe

pid process

2036 ödenmiş fatura.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ödenmiş fatura.exe

description pid process

Token: SeDebugPrivilege 2036 ödenmiş fatura.exe

pid	pid_target	process	target process
2504	2036	WerFault.exe	ödenmiş fatura.exe

pid	process
2036	ödenmiş fatura.exe

description	pid	process
Token: SeDebugPrivilege	2036	ödenmiş fatura.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

ödenmiş fatura.exe

description	pid	process	target process
PID 2036 wrote to memory of 2504	2036	ödenmiş fatura.exe	WerFault.exe
PID 2036 wrote to memory of 2504	2036	ödenmiş fatura.exe	WerFault.exe
PID 2036 wrote to memory of 2504	2036	ödenmiş fatura.exe	WerFault.exe
PID 2036 wrote to memory of 2504	2036	ödenmiş fatura.exe	WerFault.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 692
2⤵
- Program crash
PID:2504

memory/2036-0-0x000000007428E000-0x000000007428F000-memory.dmp

Filesize
4KB

Download
memory/2036-1-0x00000000000A0000-0x0000000000146000-memory.dmp

Filesize
664KB

Download
memory/2036-2-0x0000000074280000-0x000000007496E000-memory.dmp

Filesize
6.9MB

Download
memory/2036-3-0x0000000000450000-0x000000000045E000-memory.dmp

Filesize
56KB

Download
memory/2036-4-0x000000007428E000-0x000000007428F000-memory.dmp

Filesize
4KB

Download
memory/2036-5-0x0000000074280000-0x000000007496E000-memory.dmp

Filesize
6.9MB

Download
memory/2036-6-0x00000000005F0000-0x00000000005FA000-memory.dmp

Filesize
40KB

Download
memory/2036-7-0x0000000005750000-0x00000000057BA000-memory.dmp

Filesize
424KB

Download
memory/2036-8-0x0000000000810000-0x0000000000842000-memory.dmp

Filesize
200KB

Download