Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
24-12-2024 18:40
General
-
Target
ZiraatTRK6575740.exe
-
Size
345KB
-
MD5
710472a8addb7f60ad0cf827edc0f51a
-
SHA1
6f0a0dd32734de4b5529c87d5b73001bb8a2b37f
-
SHA256
07901d29fd52f346dfc7af58c41499260674510d887bedb11e9a5c9a87967c85
-
SHA512
42b295bb466ac87d441aa7bbbe22ce49e66079dbf28e58eb9ce8fdec82a716afb719ea2c94b68edc6e891a67937a52a561a232edb093687ca0dfec77d83cc1ee
-
SSDEEP
6144:8DIXx1xeTIIIIIIIIIIISIIIIIIIIIIlIIIasooo7ObIIGII4Ijie2QPw2qrEY33:dVeTIIIIIIIIIIISIIIIIIIIIIlIIIlB
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 46 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 47 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: MapViewOfSection 57 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"3⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"4⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"4⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"5⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"5⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"6⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"7⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"7⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"8⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"8⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"9⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"9⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"10⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"10⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"11⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"11⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"12⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"12⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"13⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"13⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"14⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"14⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"15⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"15⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"16⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"16⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"17⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"17⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"18⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"18⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"19⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"19⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"20⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"20⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"21⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"21⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"22⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"22⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"23⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"23⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"24⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"24⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"25⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"25⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"26⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"26⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"27⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"27⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"28⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"28⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"29⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"29⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"30⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"30⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"31⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"31⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"32⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"32⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"33⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"33⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"34⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"34⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"35⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"35⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"36⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"36⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"37⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"37⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"38⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"38⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"39⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"39⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"40⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"40⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"41⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"41⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"42⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"42⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"43⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"43⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"44⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"44⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"45⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"45⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"46⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"46⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"47⤵
-
-
C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"47⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Users\Admin\AppData\Local\Temp\ZiraatTRK6575740.exe"48⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD5a9ce258e64948b25b25de88b88abbbd6
SHA1ca1490970dd65241665193f15bea29bec22e5d90
SHA256d0c279fc81ff1bf700d6620350d59d999a6142cb5b6a082e3fa687eb6c1aa8fc
SHA512ad1175ec889ca632343575b5a52f1912bb230a3f67c9096cba3c5e4ccc8023b55e4c4f3954a7fb2fb6d7b5346dff927fa3f2b2d36aebcf729f0ae1aa2488585d
-
Filesize
112KB
MD56c634fdad078189f0c5421e2a7f5dbaf
SHA1368646223766a40b0c9644265ce7e3799c2e85a3
SHA2565f34f0cd5dca9103ea5b8f81881ab9c835fd1f83cec0454b0d7090a831a795ae
SHA51290049719aeed702ec520d0cbdd044a217a73aac3f8c20c460805e597441cfc3e16ce2c3a8c0839e69b01421ea57b5ac4f1d3433ebce108f42937e39736ce9287
-
Filesize
5KB
MD555ece16004aa5f4e2922619cd4550be1
SHA1314c0edc2a812e88da96322d340919f63a392d8d
SHA2563ce9036a2569c7c3c15061528ecf49747620d4fd3b22338694c9525c6c0e4fc3
SHA51225cba598082fc6d7705a0c0e7de491fe156fce88308fe510d70d40c01bf458849cf9f50f190ad67ca742b2829357170978accae1d3eeb9190850d3dc4746aa24
-
Filesize
1000KB
-
Filesize
12.3MB
-
Filesize
8KB