Overview

overview

5

Static

static

5

FATURA VE ...ER.exe

windows7-x64

5

FATURA VE ...ER.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    140s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/10/2024, 06:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FATURA VE BELGELER.exe

  • Size

    1.3MB

  • MD5

    ab73bb398d7e17306949a65901ac16cb

  • SHA1

    921ef96402c60cdf087e1de98db5ae95e0bc684f

  • SHA256

    ba74486b3f24f44bb5f9abbd3243acedb28d7e5ff2d520a4780b322894da4f21

  • SHA512

    c3af8ae358f027e32e38042fc4430cc2e9859e22c75be2c451de68eee6f427ec8a3018864663b525f7bc7b59cb60591fa44afbbe09f3240a42e1d757e8c2f08f

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLrQ2c2JdgHB9jSrzGb2kwHI4NVJSKUHNxu:f3v+7/5QLcM89jmzGbRE9stxu

Score
5/10
discovery

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FATURA VE BELGELER.exe
    "C:\Users\Admin\AppData\Local\Temp\FATURA VE BELGELER.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3520
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\FATURA VE BELGELER.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3520-2-0x00000000042D0000-0x00000000046D0000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3520-4-0x00000000042D0000-0x00000000046D0000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4848-3-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4848-5-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4848-6-0x0000000001400000-0x000000000174A000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4848-7-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

    Download