Analysis

Max time kernel: 584s
Max time network: 586s
Platform: windows7_x64
Resource: win7v20201028
Submitted: 09-11-2020 19:06

Behavioral task: behavioral1
Sample: 8f129e5bc46ab520bc4e9eff2b79c9948a4c2dc48a84eacbb9d506c939eebce5.exe
Resource: win7v20201028 (windows7_x64)
Task summary: 0 signatures, 0 seconds
General

Target: 8f129e5bc46ab520bc4e9eff2b79c9948a4c2dc48a84eacbb9d506c939eebce5.exe
Size: 131KB
MD5: 8f8226f3671db4833a9e091d3ad25b07
SHA1: caa16573f44e49e30079ba1fced6d6ef16eb8969
SHA256: 8f129e5bc46ab520bc4e9eff2b79c9948a4c2dc48a84eacbb9d506c939eebce5
SHA512: b11c0943925ecdd10b39079e816b959c3709dfcfb2dbe7f495d5c6596861bbb8c8c129420b3a3cd39d62de860289a24a777aa33bb56d974790daec744efef29e
Malware Config

Extracted
Family: trickbot
Version: 100001
Botnet: tar2
C2:
  66.85.183.5:443
  185.163.47.157:443
  94.140.115.99:443
  195.123.240.40:443
  195.123.241.226:443
Attributes:
  autorunName: pwgrab
  ecc_pubkey.base64
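The extracted config above, turned into something a responder can run, as an added example that is not part of this sandbox report and not TrickBot's own code: it parses a constructed TrickBot-style config blob into the fields the report shows (version, botnet tag, C2 endpoints, autorun modules) and then matches constructed egress log lines against the C2 list on exact IP:port, so traffic to one of the IPs on a different port is not reported. The `<mcconf>`/`<ver>`/`<gtag>`/`<servs>`/`<srv>`/`<autorun>`/`<module>` layout is assumed from public TrickBot write-ups, and the log line format is invented for the example; only the values come from this report.

```python
import re
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Constructed sample config. The <mcconf> element layout is an assumption taken
# from public TrickBot write-ups; the values are the ones this report extracted
# (version 100001, gtag tar2, five C2 endpoints, autorun module pwgrab).
SAMPLE_MCCONF = """<mcconf>
<ver>100001</ver>
<gtag>tar2</gtag>
<servs>
<srv>66.85.183.5:443</srv>
<srv>185.163.47.157:443</srv>
<srv>94.140.115.99:443</srv>
<srv>195.123.240.40:443</srv>
<srv>195.123.241.226:443</srv>
</servs>
<autorun>
<module name="pwgrab"/>
</autorun>
</mcconf>"""


def parse_mcconf(xml_text: str) -> Dict[str, object]:
    """Return version, botnet tag, C2 list and autorun modules from an mcconf blob."""
    root = ET.fromstring(xml_text)
    if root.tag != "mcconf":
        raise ValueError(f"unexpected root element {root.tag!r}")
    c2: List[Tuple[str, int]] = []
    for srv in root.iterfind("./servs/srv"):
        # rpartition keeps this correct even if a host ever contained ':'
        host, _, port = (srv.text or "").strip().rpartition(":")
        if not host or not port.isdigit():
            raise ValueError(f"malformed srv entry {srv.text!r}")
        c2.append((host, int(port)))
    return {
        "version": (root.findtext("ver") or "").strip(),
        "botnet": (root.findtext("gtag") or "").strip(),
        "c2": c2,
        "autorun": [m.get("name") for m in root.iterfind("./autorun/module")],
    }


# Constructed egress log lines (timestamp src -> dst:port flags). Not from the
# report; 198.51.100.7 is a TEST-NET-2 address standing in for benign traffic.
SAMPLE_LOG = """2020-11-09T19:07:01Z 10.0.2.15:49155 -> 185.163.47.157:443 SYN
2020-11-09T19:07:02Z 10.0.2.15:49156 -> 198.51.100.7:443 SYN
2020-11-09T19:07:05Z 10.0.2.15:49157 -> 195.123.240.40:443 SYN
2020-11-09T19:07:06Z 10.0.2.15:49158 -> 195.123.240.40:80 SYN
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[\d.]+):(?P<dport>\d+)")


def match_c2(log_text: str, c2: List[Tuple[str, int]]) -> List[Tuple[str, str, int]]:
    """Return (timestamp, dst, dport) for lines whose destination is a listed C2 endpoint."""
    wanted = set(c2)
    hits: List[Tuple[str, str, int]] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected shape
        key = (m["dst"], int(m["dport"]))
        if key in wanted:
            hits.append((m["ts"], key[0], key[1]))
    return hits


if __name__ == "__main__":
    cfg = parse_mcconf(SAMPLE_MCCONF)
    print("version", cfg["version"], "botnet", cfg["botnet"], "autorun", cfg["autorun"])
    for hit in match_c2(SAMPLE_LOG, cfg["c2"]):
        print("C2 contact:", hit)
```

Matching on the (IP, port) pair rather than the bare IP is deliberate: TrickBot C2 entries carry a port, and the same address on another port is a weaker signal that deserves a separate, lower-confidence rule if it is wanted at all.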
Signatures

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description              pid   process
  Token: SeDebugPrivilege  2036  8f129e5bc46ab520bc4e9eff2b79c9948a4c2dc48a84eacbb9d506c939eebce5.exe
Downloads

memory/2036-0-0x0000000000400000-0x0000000000422000-memory.dmp (136KB)