Analysis
- max time kernel: 140s
- max time network: 151s
- platform: windows10_x64
- resource: win10v200430
- submitted: 30-06-2020 23:17
- Static task: static1
- Behavioral task: behavioral1 (Sample: dZOiYPd.bin.exe, Resource: win7)
General
- Target: dZOiYPd.bin.exe
- Size: 500KB
- MD5: b1253684096a6ab41d9017d3d02b265a
- SHA1: 68e643fa0a4dd16fc32b587535f3ae8958612b10
- SHA256: a3f763c730e23fab3523b4a501f4590abcc4fd20306cba116c3b726a0d198367
- SHA512: 8b7d97bd4acf405b3c4f8c0a43acb6bb1b4326e601a3fcae0226c483d0cebe132298fe68bfdb41ddef47e0a1cc8ebe62d98fa091f0a551d88822f2fc26371518
Malware Config
Extracted
- Family: trickbot
- Version: 1000512
- Botnet (gtag): ono52
- C2 (ip:port; the port 443 servers are listed first, then the port 449 servers):
  95.171.16.42:443
  185.90.61.9:443
  5.1.81.68:443
  185.99.2.65:443
  134.119.191.11:443
  85.204.116.100:443
  78.108.216.47:443
  51.81.112.144:443
  194.5.250.121:443
  185.14.31.104:443
  185.99.2.66:443
  107.175.72.141:443
  192.3.247.123:443
  134.119.191.21:443
  85.204.116.216:443
  91.235.129.20:443
  181.129.104.139:449
  181.112.157.42:449
  181.129.134.18:449
  131.161.253.190:449
  121.100.19.18:449
  190.136.178.52:449
  45.6.16.68:449
  110.232.76.39:449
  122.50.6.122:449
  103.12.161.194:449
  36.91.45.10:449
  110.93.15.98:449
  80.210.32.67:449
  103.111.83.246:449
  200.107.35.154:449
  36.89.182.225:449
  36.89.243.241:449
  36.92.19.205:449
  110.50.84.5:449
  182.253.113.67:449
  36.66.218.117:449
- Attributes: autorunName:pwgrab (pwgrab is TrickBot's credential-stealing module; the autorun entry means the bot is configured to load it at startup)
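The C2 list above is only useful once it is matched against traffic. The following added example (my own code, not part of the sandbox report) loads the extracted ip:port pairs into a lookup set and scans connection-log lines for them, reporting an exact ip:port match separately from an address-only match on an unexpected port. The log line format (`src_ip src_port dst_ip dst_port proto`) and the log lines themselves are constructed for the example; adapt `LOG_RE` to the firewall, proxy or Zeek conn.log format actually in use.

```python
"""Match connection logs against the TrickBot C2 list extracted above.

Added example; the C2 entries are copied from the report, the log format
and log lines are constructed assumptions.
"""
import ipaddress
import re

# C2 endpoints copied verbatim from the extracted config.
TRICKBOT_C2_RAW = """
95.171.16.42:443  185.90.61.9:443    5.1.81.68:443      185.99.2.65:443
134.119.191.11:443 85.204.116.100:443 78.108.216.47:443 51.81.112.144:443
194.5.250.121:443 185.14.31.104:443  185.99.2.66:443    107.175.72.141:443
192.3.247.123:443 134.119.191.21:443 85.204.116.216:443 91.235.129.20:443
181.129.104.139:449 181.112.157.42:449 181.129.134.18:449 131.161.253.190:449
121.100.19.18:449 190.136.178.52:449 45.6.16.68:449     110.232.76.39:449
122.50.6.122:449  103.12.161.194:449 36.91.45.10:449    110.93.15.98:449
80.210.32.67:449  103.111.83.246:449 200.107.35.154:449 36.89.182.225:449
36.89.243.241:449 36.92.19.205:449   110.50.84.5:449    182.253.113.67:449
36.66.218.117:449
"""


def parse_c2(raw):
    """Return a set of (ip, port) tuples; tokens that are not a valid IPv4:port pair are skipped."""
    pairs = set()
    for token in raw.split():
        ip, _, port = token.rpartition(":")
        try:
            ipaddress.IPv4Address(ip)
            port_n = int(port)
        except ValueError:
            continue
        if 0 < port_n < 65536:
            pairs.add((ip, port_n))
    return pairs


C2 = parse_c2(TRICKBOT_C2_RAW)
C2_IPS = {ip for ip, _ in C2}

# Assumed log format: "src_ip src_port dst_ip dst_port proto"
LOG_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\S+)$")


def classify(line):
    """Classify one log line.

    Returns ("exact", ip, port) when destination ip:port is a listed C2,
    ("ip-only", ip, port) when only the address is listed (other port),
    and None otherwise.  Address-only hits are worth a look because the
    operators may rotate ports on the same server, but they are weaker.
    """
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    dst_ip, dst_port = m.group(3), int(m.group(4))
    if (dst_ip, dst_port) in C2:
        return ("exact", dst_ip, dst_port)
    if dst_ip in C2_IPS:
        return ("ip-only", dst_ip, dst_port)
    return None


def scan(lines):
    """Return [(line, kind, ip, port), ...] for every line that matched."""
    hits = []
    for line in lines:
        result = classify(line)
        if result is not None:
            hits.append((line.strip(),) + result)
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "10.0.0.12 49321 95.171.16.42 443 tcp",      # exact C2 hit, port 443
    "10.0.0.12 49322 181.129.104.139 449 tcp",   # exact C2 hit, port 449
    "10.0.0.12 49323 185.99.2.65 80 tcp",        # listed address, unlisted port
    "10.0.0.12 49324 8.8.8.8 53 udp",            # benign
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Port 449 is not a standard TLS port, so an exact ip:port match on those entries is a much stronger signal than a generic "outbound 443" filter would give; keep the address-only matches as a lower-confidence tier rather than dropping them.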
Signatures
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: dZOiYPd.bin.exe
  description                        pid    process           target process
  PID 1520 wrote to memory of 2580   1520   dZOiYPd.bin.exe   wermgr.exe
  PID 1520 wrote to memory of 2580   1520   dZOiYPd.bin.exe   wermgr.exe
  PID 1520 wrote to memory of 2580   1520   dZOiYPd.bin.exe   wermgr.exe
  PID 1520 wrote to memory of 2580   1520   dZOiYPd.bin.exe   wermgr.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Processes: wermgr.exe
  description                 pid    process
  Token: SeDebugPrivilege     2580   wermgr.exe
  Token: SeDebugPrivilege     2580   wermgr.exe
  Token: SeDebugPrivilege     2580   wermgr.exe

Read together, the two signatures describe one chain: the sample (PID 1520) writes into a wermgr.exe process (PID 2580) four times, and that same wermgr.exe instance then enables SeDebugPrivilege. The Windows Error Reporting manager has no reason to request that privilege on its own, so the token change is consistent with injected code running inside PID 2580 rather than with the legitimate binary.
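A report reader has to correlate the two signatures by hand. The following added example (my own code, not part of the sandbox report) parses the WriteProcessMemory and AdjustPrivilegeToken event strings as they appear in the report into structured records, groups the writes by (source, target) pair, and attaches any privilege the target later enabled so the injection chain above comes out as one finding with a severity. The event text is copied from the report; the record layout, the `severity` labels and the rule that a cross-image write plus SeDebugPrivilege in the target is "high" are this example's own assumptions.

```python
"""Correlate sandbox WriteProcessMemory and AdjustPrivilegeToken events.

Added example; the event strings below are copied from the report, the
record layout and severity rule are assumptions made for this example.
"""
import re
from collections import Counter, defaultdict

# Event text as flattened in the report (four write events, three token events).
WRITE_EVENTS = (
    "PID 1520 wrote to memory of 2580 1520 dZOiYPd.bin.exe wermgr.exe "
    "PID 1520 wrote to memory of 2580 1520 dZOiYPd.bin.exe wermgr.exe "
    "PID 1520 wrote to memory of 2580 1520 dZOiYPd.bin.exe wermgr.exe "
    "PID 1520 wrote to memory of 2580 1520 dZOiYPd.bin.exe wermgr.exe"
)
TOKEN_EVENTS = (
    "Token: SeDebugPrivilege 2580 wermgr.exe "
    "Token: SeDebugPrivilege 2580 wermgr.exe "
    "Token: SeDebugPrivilege 2580 wermgr.exe"
)

# "PID <src> wrote to memory of <dst> <src again> <src image> <dst image>"
WRITE_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)\s+\d+\s+"
    r"(?P<src_img>\S+)\s+(?P<dst_img>\S+)"
)
# "Token: <privilege> <pid> <image>"
TOKEN_RE = re.compile(r"Token:\s+(?P<priv>\w+)\s+(?P<pid>\d+)\s+(?P<img>\S+)")


def parse_write_events(text):
    """Return [(src_pid, src_image, dst_pid, dst_image), ...]."""
    return [
        (int(m["src"]), m["src_img"], int(m["dst"]), m["dst_img"])
        for m in WRITE_RE.finditer(text)
    ]


def parse_token_events(text):
    """Return [(pid, image, privilege), ...]."""
    return [(int(m["pid"]), m["img"], m["priv"]) for m in TOKEN_RE.finditer(text)]


def injection_chains(writes, tokens):
    """Group writes per (source, target) and attach privileges the target enabled.

    severity: "high"   cross-image write and the target enabled SeDebugPrivilege
              "medium" cross-image write with no privilege change seen
              "low"    write into a process with the same image name
    """
    counts = Counter(writes)
    privs = defaultdict(set)
    for pid, img, priv in tokens:
        privs[(pid, img)].add(priv)

    chains = []
    for (src, src_img, dst, dst_img), n in counts.items():
        cross_image = src_img.lower() != dst_img.lower()
        target_privs = sorted(privs.get((dst, dst_img), ()))
        if cross_image and "SeDebugPrivilege" in target_privs:
            severity = "high"
        elif cross_image:
            severity = "medium"
        else:
            severity = "low"
        chains.append({
            "source": f"{src_img} (PID {src})",
            "target": f"{dst_img} (PID {dst})",
            "writes": n,
            "target_privileges": target_privs,
            "severity": severity,
        })
    return chains


if __name__ == "__main__":
    for chain in injection_chains(parse_write_events(WRITE_EVENTS),
                                  parse_token_events(TOKEN_EVENTS)):
        print(chain)
```

The same correlation applies to host telemetry outside the sandbox: Sysmon Event ID 10 (ProcessAccess) records the source and target image and the GrantedAccess mask, and a write into another process needs PROCESS_VM_WRITE (0x20) in that mask, so the (source, target) grouping here can be driven from those events instead of the report text.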