Overview

overview

3

Static

static

3

ödenmiş fatura.exe

windows7-x64

3

ödenmiş fatura.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    127s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 01:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ödenmiş fatura.exe

  • Size

    700.6MB

  • MD5

    87b6dca2969d1aa7dbb4c6a75d9bad5a

  • SHA1

    5f02ef0d54e574983a4a61a05bf029865236fbeb

  • SHA256

    af389051a5dda1eb9ff6389ad08d019a3ad1e5dfc91de75ce2d67a43da3b9191

  • SHA512

    e25193685fa000f83a9deae9114b27d89cf2682134d5e2720a257790925289aba3932277bc3e379e505fe3a8c9be8397aa33a804650b58378d62b23318b72957

  • SSDEEP

    12288:Afg3r+1v1RWLm+D7Vqh/v5XpKJzwAPNhvwmmtLWPAuQ7Wdqid1uKozg5vH:AfkUvd+Dpg/v5+cAlhv9mpFWdqEoUFH

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ödenmiş fatura.exe
    "C:\Users\Admin\AppData\Local\Temp\ödenmiş fatura.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4936
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 1176
      2⤵
      • Program crash
      PID:3552
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 4936 -ip 4936
    1⤵
      PID:1508

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4936-0-0x000000007450E000-0x000000007450F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4936-1-0x0000000000750000-0x00000000007F6000-memory.dmp

      Filesize

      664KB

      Download

    • memory/4936-2-0x00000000057C0000-0x0000000005D64000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4936-3-0x0000000005210000-0x00000000052A2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4936-5-0x0000000074500000-0x0000000074CB0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4936-4-0x00000000052B0000-0x00000000052BA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4936-6-0x00000000054C0000-0x00000000054CE000-memory.dmp

      Filesize

      56KB

      Download

    • memory/4936-7-0x000000007450E000-0x000000007450F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4936-8-0x0000000074500000-0x0000000074CB0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4936-9-0x00000000054E0000-0x00000000054EA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4936-10-0x00000000068E0000-0x000000000694A000-memory.dmp

      Filesize

      424KB

      Download

    • memory/4936-11-0x00000000069F0000-0x0000000006A8C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/4936-12-0x0000000008FD0000-0x0000000009002000-memory.dmp

      Filesize

      200KB

      Download

    • memory/4936-13-0x0000000074500000-0x0000000074CB0000-memory.dmp

      Filesize

      7.7MB

      Download