Overview

overview

10

Static

static

00143ac944...ed.exe

windows7_x64

10

00143ac944...ed.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    09-05-2021 14:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00143ac9449a1f48b7919361afa3b2ca0b5e1b9d7005750bfabc795a0e8d32ed.exe

  • Size

    98KB

  • MD5

    bacd3059fe8dc55a8708b1ae72922906

  • SHA1

    1b864eb3ffb27ebf15a4744e5236bee7a8bdb978

  • SHA256

    00143ac9449a1f48b7919361afa3b2ca0b5e1b9d7005750bfabc795a0e8d32ed

  • SHA512

    d33e7938d98fa19325d848884d39e531a6f68136634845c0ac01abb5d2421302a22fde2188c885e883a6f8659fe3d206b25b23c4791dff8f504a2df325887b7e

Score
10/10
tinbabankerpersistencetrojan

Malware Config

Signatures

  • Tinba / TinyBanker

    Banking trojan which uses packet sniffing to steal data.

    trojanbankertinba
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 27 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
    1⤵
      PID:2412
    • c:\windows\system32\taskhostw.exe
      taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
      1⤵
        PID:2744
      • C:\Windows\Explorer.EXE
        C:\Windows\Explorer.EXE
        1⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3020
        • C:\Users\Admin\AppData\Local\Temp\00143ac9449a1f48b7919361afa3b2ca0b5e1b9d7005750bfabc795a0e8d32ed.exe
          "C:\Users\Admin\AppData\Local\Temp\00143ac9449a1f48b7919361afa3b2ca0b5e1b9d7005750bfabc795a0e8d32ed.exe"
          2⤵
          • Suspicious use of SetThreadContext
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2116
          • C:\Users\Admin\AppData\Local\Temp\00143ac9449a1f48b7919361afa3b2ca0b5e1b9d7005750bfabc795a0e8d32ed.exe
            C:\Users\Admin\AppData\Local\Temp\00143ac9449a1f48b7919361afa3b2ca0b5e1b9d7005750bfabc795a0e8d32ed.exe
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:2396
            • C:\Windows\SysWOW64\winver.exe
              winver
              4⤵
              • Adds Run key to start application
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of WriteProcessMemory
              PID:2604
      • C:\Windows\system32\DllHost.exe
        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
        1⤵
          PID:3812
          • C:\Windows\system32\WerFault.exe
            C:\Windows\system32\WerFault.exe -u -p 3812 -s 836
            2⤵
            • Program crash
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:3160
        • C:\Windows\System32\RuntimeBroker.exe
          C:\Windows\System32\RuntimeBroker.exe -Embedding
          1⤵
            PID:3492
          • C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
            "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
            1⤵
              PID:3248
            • C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
              "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
              1⤵
                PID:3236
              • c:\windows\system32\sihost.exe
                sihost.exe
                1⤵
                  PID:2364
                • C:\Windows\system32\DllHost.exe
                  C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                  1⤵
                    PID:2472
                  • C:\Windows\System32\slui.exe
                    C:\Windows\System32\slui.exe -Embedding
                    1⤵
                      PID:2444

                    Network

                    MITRE ATT&CK Matrix ATT&CK v6

                    Initial Access

                    Execution

                    Persistence

                    Registry Run Keys / Startup Folder

                    1
                    T1060

                    Privilege Escalation

                    Defense Evasion

                    Modify Registry

                    1
                    T1112

                    Credential Access

                    Discovery

                    Lateral Movement

                    Collection

                    Exfiltration

                    Command and Control

                    Impact

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • memory/2116-117-0x0000000000A50000-0x0000000000A54000-memory.dmp
                      Filesize

                      16KB

                      Download
                    • memory/2364-127-0x0000000000390000-0x0000000000396000-memory.dmp
                      Filesize

                      24KB

                      Download
                    • memory/2396-114-0x0000000000400000-0x000000000149A000-memory.dmp
                      Filesize

                      16.6MB

                      Download
                    • memory/2396-115-0x0000000000401000-mapping.dmp
                      Download
                    • memory/2396-119-0x0000000000400000-0x0000000000404400-memory.dmp
                      Filesize

                      17KB

                      Download
                    • memory/2396-120-0x00000000016C0000-0x000000000180A000-memory.dmp
                      Filesize

                      1.3MB

                      Download
                    • memory/2412-128-0x0000000000560000-0x0000000000566000-memory.dmp
                      Filesize

                      24KB

                      Download
                    • memory/2472-146-0x000001A00C480000-0x000001A00C490000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-164-0x000001A00C840000-0x000001A00C850000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-175-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-180-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-150-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-149-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-178-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-132-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-177-0x000001A00C840000-0x000001A00C850000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-133-0x000001A00DF40000-0x000001A00DF50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-134-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-135-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-136-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-137-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-131-0x0000000000A10000-0x0000000000A16000-memory.dmp
                      Filesize

                      24KB

                      Download
                    • memory/2472-168-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-169-0x000001A00C830000-0x000001A00C840000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-139-0x000001A00DF40000-0x000001A00DF50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-140-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-142-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-141-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-138-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-143-0x000001A00C480000-0x000001A00C490000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-145-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-144-0x00007FF878550000-0x00007FF878551000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/2472-170-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-147-0x000001A00C840000-0x000001A00C850000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-148-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-179-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-125-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-152-0x000001A00C830000-0x000001A00C840000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-151-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-153-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-154-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-155-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-156-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-157-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-158-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-159-0x000001A00C830000-0x000001A00C840000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-160-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-161-0x000001A00C840000-0x000001A00C850000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-162-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-163-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-171-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-165-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-166-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-167-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-174-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-173-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2472-172-0x000001A00CA40000-0x000001A00CA50000-memory.dmp
                      Filesize

                      64KB

                      Download
                    • memory/2604-116-0x0000000000000000-mapping.dmp
                      Download
                    • memory/2604-118-0x0000000000490000-0x0000000000496000-memory.dmp
                      Filesize

                      24KB

                      Download
                    • memory/2744-129-0x0000000000700000-0x0000000000706000-memory.dmp
                      Filesize

                      24KB

                      Download
                    • memory/3020-121-0x00007FF878540000-0x00007FF878541000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3020-122-0x00007FF878550000-0x00007FF878551000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3020-126-0x0000000000D90000-0x0000000000D96000-memory.dmp
                      Filesize

                      24KB

                      Download
                    • memory/3020-124-0x00007FF878560000-0x00007FF878561000-memory.dmp
                      Filesize

                      4KB

                      Download
                    • memory/3020-123-0x00000000030A0000-0x00000000030A6000-memory.dmp
                      Filesize

                      24KB

                      Download
                    • memory/3160-176-0x00000000002D0000-0x00000000002D6000-memory.dmp
                      Filesize

                      24KB

                      Download
                    • memory/3492-130-0x0000000000FD0000-0x0000000000FD6000-memory.dmp
                      Filesize

                      24KB

                      Download