Overview

overview

10

Static

static

AnnualReport.exe

windows7_x64

1

AnnualReport.exe

windows10_x64

10

Analysis

  • max time kernel
    43s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    10-11-2020 22:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnnualReport.exe

  • Size

    233KB

  • MD5

    e562d0767f189f0efa970ecb217e815d

  • SHA1

    c75ff2054c521f7eb3ead8a1494cb6809bcc3219

  • SHA256

    88565b64b4feccaaac0eb2529cf81b7b666c92589a814c859b276d5ec477f92e

  • SHA512

    faec2ce9911a991b3742d72052429e0b836d48b61dd95ccfa9c5014f736818b171b7ebe67a786121b7425915e8a1b4bb2d4ff42110f9cde01e68a2a6ddf5a6a4

Score
10/10
trickbottar2bankertrojan

Malware Config

Extracted

Family

trickbot

Version

100001

Botnet

tar2

C2

66.85.183.5:443

185.163.47.157:443

94.140.115.99:443

195.123.240.40:443

195.123.241.226:443
Attributes
  • autorun
    Name:pwgrab
ecc_pubkey.base64

Signatures

  • Trickbot

    Developed in 2016, TrickBot is one of the more recent banking Trojans.

    trojanbankertrickbot
  • Executes dropped EXE 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnnualReport.exe
    "C:\Users\Admin\AppData\Local\Temp\AnnualReport.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:8
    • C:\Users\Admin\AppData\Local\Temp\6ECD.exe
      C:\Users\Admin\AppData\Local\Temp\6ECD.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2628
      • C:\Windows\system32\wermgr.exe
        C:\Windows\system32\wermgr.exe
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6ECD.exe
    MD5

    5d75b8689e2cfbfe8065752fd4c4f661

    SHA1

    9238d8073102fd84c752f6e65edc717944346f20

    SHA256

    fc3da2468a121aff5433ea738221b5e9fd962c87041654b2c88f5291e0e15f22

    SHA512

    7d842d675df4cbcb1cae10b19d3ca4d68637d98a580ae72c1a11c6a612196e4e1382093bd02dbf2a7e92c8b2aa381ab46fccdf755d2de43bc25d3af38ed86575

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\6ECD.exe
    MD5

    5d75b8689e2cfbfe8065752fd4c4f661

    SHA1

    9238d8073102fd84c752f6e65edc717944346f20

    SHA256

    fc3da2468a121aff5433ea738221b5e9fd962c87041654b2c88f5291e0e15f22

    SHA512

    7d842d675df4cbcb1cae10b19d3ca4d68637d98a580ae72c1a11c6a612196e4e1382093bd02dbf2a7e92c8b2aa381ab46fccdf755d2de43bc25d3af38ed86575

    Download Submit
  • memory/8-0-0x0000000000F70000-0x0000000000F96000-memory.dmp
    Filesize

    152KB

    Download
  • memory/8-1-0x0000000140000000-0x0000000140025000-memory.dmp
    Filesize

    148KB

    Download
  • memory/1492-7-0x0000000000000000-mapping.dmp
    Download
  • memory/2628-2-0x0000000000000000-mapping.dmp
    Download
  • memory/2628-5-0x0000000002200000-0x000000000223E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/2628-6-0x0000000002240000-0x000000000227A000-memory.dmp
    Filesize

    232KB

    Download