trickbot | 18a3ed7a253f8e074805bfedc4cf6aab316ce4909913e2dc8aedbc19fce668ca

Analysis

Target

18a3ed7a253f8e074805bfedc4cf6aab316ce4909913e2dc8aedbc19fce668ca.dll
Size

675KB
MD5

46ea0661444ba5f0c09c59938883fcaa
SHA1

dee40cdb15046a6a1f47445b6202034e9a0d77e6
SHA256

18a3ed7a253f8e074805bfedc4cf6aab316ce4909913e2dc8aedbc19fce668ca
SHA512

df0fc73283f7fe95c5db87b01981b708c32ab048ebf0234fd9c7273b1b6e530dd610409a7b0680b38527795f1ebb771569d185976aace3d1bfca8680921cfbac

Score

10^/10

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Templ.dll packer 3 IoCs

Detects Templ.dll packer which usually loads Trickbot.

resource	yara_rule
behavioral1/memory/2032-4-0x0000000000330000-0x0000000000369000-memory.dmp	templ_dll
behavioral1/memory/2032-5-0x00000000003A0000-0x00000000003D7000-memory.dmp	templ_dll
behavioral1/memory/2032-6-0x00000000001D0000-0x0000000000206000-memory.dmp	templ_dll

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 2032	1856	rundll32.exe	26
PID 1856 wrote to memory of 2032	1856	rundll32.exe	26
PID 1856 wrote to memory of 2032	1856	rundll32.exe	26
PID 1856 wrote to memory of 2032	1856	rundll32.exe	26
PID 1856 wrote to memory of 2032	1856	rundll32.exe	26
PID 1856 wrote to memory of 2032	1856	rundll32.exe	26
PID 1856 wrote to memory of 2032	1856	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18a3ed7a253f8e074805bfedc4cf6aab316ce4909913e2dc8aedbc19fce668ca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18a3ed7a253f8e074805bfedc4cf6aab316ce4909913e2dc8aedbc19fce668ca.dll,#1
  2⤵
  PID:2032
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe
    3⤵
    PID:324

memory/2032-3-0x00000000767E1000-0x00000000767E3000-memory.dmp

Filesize
8KB

Download
memory/2032-4-0x0000000000330000-0x0000000000369000-memory.dmp

Filesize
228KB

Download
memory/2032-5-0x00000000003A0000-0x00000000003D7000-memory.dmp

Filesize
220KB

Download
memory/2032-6-0x00000000001D0000-0x0000000000206000-memory.dmp

Filesize
216KB

Download
memory/2032-7-0x0000000000920000-0x0000000000963000-memory.dmp

Filesize
268KB

Download
memory/2032-8-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download