Source: Halkbank_Ekstre_20210113_162325_384771.exe.6128.1.memstr | Malware Configuration Extractor: Agenttesla {"Username: ": "VVkDExoCFG4o1k", "URL: ": "http://2cRhONggGD4U87PUSY.com", "To: ": "muhasebe@ceotech.com.tr", "ByHost: ": "mail.ceotech.com.tr:587", "Password: ": "JRuuV68u86gFWkr", "From: ": "muhasebe@ceotech.com.tr"} |
Source: 0.0.Halkbank_Ekstre_20210113_162325_384771.exe.ec0000.0.unpack | Avira: Label: TR/ATRAPS.Gen |
Source: 1.2.Halkbank_Ekstre_20210113_162325_384771.exe.54d0000.5.unpack | Avira: Label: TR/Spy.Gen8 |
Source: 1.0.Halkbank_Ekstre_20210113_162325_384771.exe.ec0000.0.unpack | Avira: Label: TR/ATRAPS.Gen |
Source: 1.2.Halkbank_Ekstre_20210113_162325_384771.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8 |
Source: 0.2.Halkbank_Ekstre_20210113_162325_384771.exe.ec0000.0.unpack | Avira: Label: TR/ATRAPS.Gen |
Source: 1.2.Halkbank_Ekstre_20210113_162325_384771.exe.ec0000.1.unpack | Avira: Label: TR/ATRAPS.Gen |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.626326029.0000000003091000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.626326029.0000000003091000.00000004.00000001.sdmp | String found in binary or memory: http://2cRhONggGD4U87PUSY.com |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.626326029.0000000003091000.00000004.00000001.sdmp | String found in binary or memory: http://2cRhONggGD4U87PUSY.comt |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.626326029.0000000003091000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.626326029.0000000003091000.00000004.00000001.sdmp | String found in binary or memory: http://FStglU.com |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.628097347.00000000033E1000.00000004.00000001.sdmp | String found in binary or memory: http://ceotech.com.tr |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.628097347.00000000033E1000.00000004.00000001.sdmp | String found in binary or memory: http://mail.ceotech.com.tr |
Source: Halkbank_Ekstre_20210113_162325_384771.exe | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.626326029.0000000003091000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00ED60C0 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00ED683C |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00ED0432 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00ED55E0 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00ED51BC |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00ED7991 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00ECA951 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00ECD929 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00ED5B50 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_0040A2A5 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00ED60C0 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00ED683C |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00ED0432 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00ED55E0 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00ED51BC |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00ED7991 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00ECA951 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00ECD929 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00ED5B50 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_010060C8 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_01002A08 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_01004A50 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_0100AAA0 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_01005428 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_01007F58 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_0100C050 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_0100E698 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_01012D50 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_0101F4E8 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_01011FE2 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_01012618 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_01019DB8 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_0101F489 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_01019AC3 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_012E99E0 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_012E6068 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_012EE318 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_012EBA38 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_012E5E48 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_012E7190 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_012ED817 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: String function: 00EC715C appears 370 times |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: String function: 00EC9160 appears 64 times |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: String function: 00EC7021 appears 40 times |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: String function: 00EC6F06 appears 36 times |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: String function: 00EC6EF1 appears 84 times |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: String function: 00ECBFC3 appears 38 times |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000000.00000003.252138972.000000001ACBF000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Halkbank_Ekstre_20210113_162325_384771.exe |
Source: Halkbank_Ekstre_20210113_162325_384771.exe | Binary or memory string: OriginalFilename vs Halkbank_Ekstre_20210113_162325_384771.exe |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.628915716.00000000054D2000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameDcEdwonAXzKWxMNmQOCUH.exe4 vs Halkbank_Ekstre_20210113_162325_384771.exe |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.623266381.0000000000E70000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx vs Halkbank_Ekstre_20210113_162325_384771.exe |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.623515086.0000000000FF8000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Halkbank_Ekstre_20210113_162325_384771.exe |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.629630125.00000000063C0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs Halkbank_Ekstre_20210113_162325_384771.exe |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.625030855.00000000012F0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs Halkbank_Ekstre_20210113_162325_384771.exe |
Source: 1.2.Halkbank_Ekstre_20210113_162325_384771.exe.54d0000.5.unpack, A/b2.cs | Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00401489 GetModuleHandleW,GetModuleHandleW,FindResourceW,GetModuleHandleW,LoadResource,LockResource,GetModuleHandleW,SizeofResource,FreeResource,ExitProcess, |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Command line argument: Kernel32.dll |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Command line argument: User32.dll |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Command line argument: IEUCIZEO |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor |
Source: unknown | Process created: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe 'C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe' |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Process created: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe 'C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe' |
Source: Halkbank_Ekstre_20210113_162325_384771.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: Halkbank_Ekstre_20210113_162325_384771.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: Halkbank_Ekstre_20210113_162325_384771.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: Halkbank_Ekstre_20210113_162325_384771.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: Halkbank_Ekstre_20210113_162325_384771.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00ED1B13 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00EC91A5 push ecx; ret |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00401F16 push ecx; ret |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00EC91A5 push ecx; ret |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_01017A37 push edi; retn 0000h |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_012ED5B0 push es; ret |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe TID: 2724 | Thread sleep time: -19369081277395017s >= -30000s |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe TID: 2188 | Thread sleep count: 9003 > 30 |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe TID: 2188 | Thread sleep count: 846 > 30 |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.629630125.00000000063C0000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.629630125.00000000063C0000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.629630125.00000000063C0000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000003.477281323.0000000006618000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.629630125.00000000063C0000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00EC6A00 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00CFF40D mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00CFE9B6 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00CFF2C5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00CFF262 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00CFF225 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_004035F1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00EC6A00 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00ECC0A3 SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 0_2_00ECC080 SetUnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00401E1D SetUnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_0040446F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00401C88 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00401F30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00ECC0A3 SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Code function: 1_2_00ECC080 SetUnhandledExceptionFilter, |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.625144838.0000000001860000.00000002.00000001.sdmp | Binary or memory string: uProgram Manager |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.625144838.0000000001860000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.625144838.0000000001860000.00000002.00000001.sdmp | Binary or memory string: Progman |
Source: Halkbank_Ekstre_20210113_162325_384771.exe, 00000001.00000002.625144838.0000000001860000.00000002.00000001.sdmp | Binary or memory string: Progmanlock |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: Yara match | File source: 00000001.00000002.628915716.00000000054D2000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.625929224.0000000003020000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.628470056.0000000004091000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.253943134.0000000000F70000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.622605392.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.626326029.0000000003091000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.624730399.0000000001209000.00000004.00000020.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: Halkbank_Ekstre_20210113_162325_384771.exe PID: 6128, type: MEMORY |
Source: Yara match | File source: 1.2.Halkbank_Ekstre_20210113_162325_384771.exe.3020000.4.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Halkbank_Ekstre_20210113_162325_384771.exe.54d0000.5.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Halkbank_Ekstre_20210113_162325_384771.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.Halkbank_Ekstre_20210113_162325_384771.exe.f70000.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.Halkbank_Ekstre_20210113_162325_384771.exe.f70000.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Halkbank_Ekstre_20210113_162325_384771.exe.3020000.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.Halkbank_Ekstre_20210113_162325_384771.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities |
Source: C:\Users\user\Desktop\Halkbank_Ekstre_20210113_162325_384771.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 |