Analysis
max time kernel: 150s
max time network: 149s
platform: windows10_x64
resource: win10v20201028
submitted: 23-12-2020 22:30
Behavioral task: behavioral1
Sample: 7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8.bin.exe
Resource: win7v20201028
General
Target: 7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8.bin.exe
Size: 138KB
MD5: f3dcd3a18208a98d4b4f25a47f6df344
SHA1: 3ced50ff1d6aae794bd853914ec6f58db08aa876
SHA256: 7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8
SHA512: 7985059bbbbc200c17674a7039cc5043acebad4f64fa135a9356b1603d414117e496fd11de47264bb2fa3789f8b2ba94fba47e9c5b954b7474b00b98ed7b8d46
Malware Config
Extracted
Family: trickbot
100007
mon27
C2:
41.243.29.182:449
196.45.140.146:449
103.87.25.220:443
103.98.129.222:449
103.87.25.220:449
103.65.196.44:449
103.65.195.95:449
103.61.101.11:449
103.61.100.131:449
103.150.68.124:449
103.137.81.206:449
103.126.185.7:449
103.112.145.58:449
103.110.53.174:449
102.164.208.48:449
102.164.208.44:449
Attributes: autorunName:pwgrab
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes:
description | pid | process
Token: SeDebugPrivilege | 4684 | 7a7c994d08c6230071ccb8ca9c1b564b7df81e8fe574478df329a088dd2232e8.bin.exe
Downloads
memory/4684-2-0x0000000000400000-0x0000000000424000-memory.dmp (Filesize: 144KB)